Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP for userns KEP #4

Closed
wants to merge 4 commits into from
Closed

WIP for userns KEP #4

wants to merge 4 commits into from

Conversation

rata
Copy link
Member

@rata rata commented Nov 29, 2021

This PR is intended for internal review with @giuseppe before opening upstream.

This is still a WIP!

@lauralorenz
Update graduation criteria based on 5/11 SIG-MC discussions
2c890ef 
Removed kube-proxy implementation related items (now consider these an implementation detail0
Explicitly tied MCS API to Cluster ID KEP's maturity level
rata
rata commented Nov 29, 2021
View reviewed changes
keps/sig-node/127-user-namespaces/README.md Outdated

### Graduation Criteria

Graduation for each pod.spec field we introduce will be separate.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Don't forget to highlight this to upstream!

@k8s-ci-robot
Merge pull request kubernetes#2821 from lauralorenz/patch-1
267d78d 
KEP-1645: Update MCS API graduation criteria based on 5/11 SIG-MC discussions
@rata rata force-pushed the rata/userns branch 5 times, most recently from 5a721e8 to 5a5f0fd Compare December 3, 2021 16:40
@rata rata force-pushed the rata/userns branch 2 times, most recently from 3f0313b to 72618fc Compare December 9, 2021 16:44
@rata rata force-pushed the rata/userns branch 4 times, most recently from ea3bc54 to 70b5832 Compare February 4, 2022 20:07
@rata @giuseppe
Add KEP for user namespaces support
54b72ea 
This commit adds the high level overview I proposed in the SIG-node
meeting on Nov 2. The work divided in phases and intial support (phase 1
and 2) is disentangled from further improvements that community members
wanted to see (phase 3).

This incorporates the valuable feedback in the discussion at PR 2101,
making things as automatic as possible and adding a phase 3 for such
improvements, while it also leaves room for future improvements too.

Slides used in the Nov 2 SIG-node meeting are here:
	https://docs.google.com/presentation/d/1z4oiZ7v4DjWpZQI2kbFbI8Q6botFaA07KJYaKA-vZpg/edit#slide=id.gc6f73a04f_0_0

Signed-off-by: Rodrigo Campos <[email protected]>
Co-authored-by: Giuseppe Scrivano <[email protected]>
Signed-off-by: Giuseppe Scrivano <[email protected]>
@rata rata closed this Feb 23, 2022
rata pushed a commit that referenced this pull request Aug 9, 2022
@ritazh
Merge pull request #4 from ritazh/review-updates
3355fd1 
address review comments
rata pushed a commit that referenced this pull request Aug 7, 2023
@KnVerey @justinsb
KEP-3659: ApplySet: kubectl apply --prune redesign and graduation str…
01da7ba 
…ategy (kubernetes#3661)

* Initial KEP for improving pruning in kubectl apply

* Add design details

Co-authored-by: Katrina Verey <[email protected]>

* Add another open question

* Links, clarifications, ownerRef and GKNN explanations

* Follow-on to initial feedback, address some unresolved blocks

* Fix lint errors

* Add more detail about reference implementation (#2)

* Apply prune jan25 (#3)

* More clearly delineate specification vs kubectl details

* Move design details of spec to Design Details section

* Updates from synchronous conversation

* Remove leftover paragraph (#5)

Not an alternative rejected any more, given applyset.k8s.io/inventory

* Justin has always been coauthor

* KEP-3659: production readiness etc (#4)

Fill in the testing/ PRR sections.

* Fix test failures

* Prune: document confused deputy attack and mitigations

Likely pushes us to GKNN-derived IDs.

* Constrain applyset id

We just choose the constrained applyset id to prevent "applyset ID
impersonation".

* Update KEP and PRR metadata

* Enhance testing description

* ID vs name fixes

* Fixes from soltysh's review

---------

Co-authored-by: Justin Santa Barbara <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@giuseppe giuseppe giuseppe left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rata @giuseppe @lauralorenz @k8s-ci-robot