kubernetes-sigs / cli-experimental

Experimental Kubectl libraries and commands.
Apache License 2.0
83 stars 214 forks

Apply documentation does not specify remote url format or mechanism #373

Closed dcmiddle closed 1 month ago

dcmiddle commented 6 months ago

https://kubectl.docs.kubernetes.io/references/kubectl/apply/ does not list the ability to use URLs as in https://github.com/confidential-containers/confidential-containers/blob/main/quickstart.md:

`kubectl apply -k github.com/confidential-containers/operator/config/release?ref=v0.8.0`

I would like to understand whether apply fetches that URL implicitly using a secure mechanism like HTTPS. This would satisfy an OpenSSF Best Practices criterion meant to protect users from downloading maliciously corrupted releases.

https://kubectl.docs.kubernetes.io/references/kubectl/kustomize/ mentions a git url but without example or clarification of the mechanism.

Presumably kubectl apply uses one of the mechanisms here: https://git-scm.com/book/en/v2/Git-on-the-Server-The-Protocols, which include secure and insecure mechanisms.
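A check that can be run over `kubectl apply -k` targets while the documentation is silent, as an added example that is not part of the original issue or of kubectl: it classifies each target by the Git transport it names, using the protocol categories from the Pro Git chapter linked above, and flags scheme-less targets like the one quoted because the transport is then left to the tool. `classify_transport` and `audit_targets` are hypothetical helper names, and the `example.invalid` and `https://`-prefixed targets are constructed.

```shell
#!/bin/sh
# Added example: classify the Git transport named by a `kubectl apply -k` target.
# classify_transport and audit_targets are hypothetical helpers, not kubectl code.

classify_transport() {
    case "$1" in
        https://*)      echo "encrypted:https" ;;
        ssh://*)        echo "encrypted:ssh" ;;
        http://*)       echo "cleartext:http" ;;   # no transport encryption
        git://*)        echo "cleartext:git" ;;    # git daemon: no auth, no encryption
        file://*)       echo "local" ;;
        *://*)          echo "unknown-scheme" ;;
        /*|./*|../*)    echo "local" ;;
        *@*:*)          echo "encrypted:ssh" ;;    # scp-like user@host:path form
        *)              echo "implicit" ;;         # no scheme: transport left to the tool
                                                   # (bare relative paths also land here)
    esac
}

# Read one target per line on stdin; print "<class><TAB><target>" for every
# target that does not name an encrypted or local transport.
# Returns 0 only when nothing was flagged.
audit_targets() {
    flagged=0
    while IFS= read -r target; do
        [ -n "$target" ] || continue
        class=$(classify_transport "$target")
        case "$class" in
            encrypted:*|local) ;;
            *) printf '%s\t%s\n' "$class" "$target"
               flagged=$((flagged + 1)) ;;
        esac
    done
    [ "$flagged" -eq 0 ]
}

# The first target is the argument quoted in the issue; the others are constructed.
audit_targets <<'EOF' || echo "review the flagged targets before applying" >&2
github.com/confidential-containers/operator/config/release?ref=v0.8.0
https://github.com/confidential-containers/operator/config/release?ref=v0.8.0
git://example.invalid/org/repo.git//config/release?ref=v1
EOF
```

The classification looks only at the string, so an `implicit` result means "the target does not say", not that the fetch is insecure.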

k8s-triage-robot commented 3 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 2 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

dcmiddle commented 2 months ago

/remove-lifecycle stale

Issue is still relevant for assessing Software Supply Chain Security & OpenSSF Best Practices.

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

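This bot triages issues according to the following rules:

- After 90d of inactivity, `lifecycle/stale` is applied
- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed

You can:

- Reopen this issue with `/reopen`
- Mark this issue as fresh with `/remove-lifecycle rotten`
- Offer to help out with [Issue Triage](https://www.kubernetes.dev/docs/guide/issue-triage/)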

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 1 month ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes-sigs/cli-experimental/issues/373#issuecomment-2143515055):

>The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
>
>This bot triages issues according to the following rules:
>- After 90d of inactivity, `lifecycle/stale` is applied
>- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied
>- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed
>
>You can:
>- Reopen this issue with `/reopen`
>- Mark this issue as fresh with `/remove-lifecycle rotten`
>- Offer to help out with [Issue Triage][1]
>
>Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community).
>
>/close not-planned
>
>[1]: https://www.kubernetes.dev/docs/guide/issue-triage/

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.