kubernetes / enhancements

Enhancements tracking repo for Kubernetes
Apache License 2.0

CEL for Admission Control #3488

Open jpbetz opened 2 years ago

jpbetz commented 2 years ago

Enhancement Description

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

jpbetz commented 2 years ago

/sig api-machinery

kikisdeliveryservice commented 2 years ago

@jpbetz please provide a Discussion Link. It is required that you "link to SIG mailing list thread, meeting, or recording where the Enhancement was discussed before KEP creation" :)

logicalhan commented 1 year ago

/lead-opted-in

logicalhan commented 1 year ago

/milestone v1.26

logicalhan commented 1 year ago

/lead-opted-in

logicalhan commented 1 year ago

/sig api-machinery

rhockenbury commented 1 year ago

/label tracked/yes

parul5sahoo commented 1 year ago

Hello @jpbetz 👋, 1.26 Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PDT on Thursday 6th October 2022.

This enhancement is targeting for stage alpha for 1.26 (correct me, if otherwise)

Here's where this enhancement currently stands:

For this KEP, we would just need to update the following before enhancements freeze which is approaching soon:

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

jpbetz commented 1 year ago

https://github.com/kubernetes/enhancements/pull/3554 contains PRR, test, graduation and implementable, we are aiming to merge it today

cici37 commented 1 year ago

@parul5sahoo Thanks for reaching out! We have everything merged. The KEP can be tracked now. Please let us know if anything is missing :)

parul5sahoo commented 1 year ago

Hello @cici37, although I see that the release sign-off checklist and the test agreement have been included, they are all unchecked. So could you please check the items that meet the criteria in the release checklist and also check the test agreement? Since these are minor details, I am marking the KEP as tracked.

cici37 commented 1 year ago

> Hello @cici37, although I see that the release sign-off checklist and the test agreement have been included, they are all unchecked. So could you please check the items that meet the criteria in the release checklist and also check the test agreement? Since these are minor details, I am marking the KEP as tracked.

https://github.com/kubernetes/enhancements/pull/3592 to address this. Thanks for marking this tracked!

cici37 commented 1 year ago

/assign

katmutua commented 1 year ago

Hello @jpbetz! 👋🏾,

@katmutua 1.26 Release Docs shadow here. This enhancement is marked as ‘Needs Docs’ for the 1.26 release.

Please follow the steps detailed in the documentation to open a PR against dev-1.26 branch in the k/website repo. This PR can be just a placeholder at this time, and must be created by November 9.

Also, take a look at Documenting for a release to familiarize yourself with the docs requirement for the release. As a reminder, please link all of your docs PR to this issue so we can easily track it.

ruheenaansari34 commented 1 year ago

Hi @jpbetz 👋,

Checking in once more as we approach the 1.26 code freeze at 17:00 PDT on Tuesday 8th November 2022.

Please ensure the following items are completed:

For this enhancement, it looks like the following PRs are open and need to be merged before the code freeze. If you do have any other k/k PRs open, please link them to this issue:

As always, we are here to help should questions come up. Thanks!

jpbetz commented 1 year ago

All PRs are now linked and we are working on code review and approvals. We will open a docs PR shortly.

cici37 commented 1 year ago

I have opened the doc placeholder PR. Thanks

jpbetz commented 1 year ago

All alpha feature code has merged.

marosset commented 1 year ago

/remove-label lead-opted-in
/remove-label tracked/yes
/label tracked/no
/milestone clear

sftim commented 1 year ago

I had an idea: also provide a mechanism to accept a proposed change at admission time, but warn about a breach.

sftim commented 1 year ago

Something like:

```yaml
---
apiVersion: admissionregistration.k8s.io/v1foo42
kind: ValidatingAdmissionPolicy
metadata:
  name: demo
spec:
  matchConstraints:
    resourceRules:
    - apiGroups:   ["apps"]
      apiVersions: ["v1"]
      operations:  ["CREATE", "UPDATE"]
      resources:   ["deployments"]
  warnUnless:
    - expression: |-
        object.spec.replicas < 5
      message: >-
        You can only have five replicas maximum
  failUnless:
    - expression: |-
        object.spec.replicas <= 5
```

jpbetz commented 1 year ago

> I had an idea: also provide a mechanism to accept a proposed change at admission time, but warn about a breach.

I think we need this. The idea is partially captured in the not-yet-implemented "Enforcement Actions" proposal in the KEP.

How are you imagining warnings to work @sftim? Existing admission webhooks support warnings in the form of additional information sent back to the client for all requests that go through admission (accepted or denied). Would that be sufficient or were you imagining something else?

sftim commented 1 year ago

A client should see a warning that looks identical to the admission webhook approach outlined in https://kubernetes.io/blog/2020/09/03/warnings/ (except maybe lower response latency). That is exactly what I had in mind.

Not sure what the audit logging option would look like; someone else might be able to devise that.
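To make the warn-versus-fail split discussed above concrete, here is a small Python model of that admission behaviour. This is an added example, not Kubernetes code and not part of the KEP: the CEL expressions from the YAML sketch are stood in for by Python callables, the Deployment objects are constructed, and the response shape follows the admission.k8s.io/v1 AdmissionReview response fields (`allowed`, `warnings`, `status`) that the linked warnings blog post describes for webhooks. The message text for the `failUnless` rule and the fail-closed treatment of an expression that errors (for example when `spec.replicas` is absent) are my assumptions.

```python
"""Toy model of warn-unless / fail-unless admission semantics (added example)."""
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, List

# A stand-in for a CEL expression: a callable over the admitted object.
Expr = Callable[[Dict[str, Any]], bool]


@dataclass
class Rule:
    expression: Expr
    message: str


@dataclass
class Policy:
    name: str
    warn_unless: List[Rule] = field(default_factory=list)
    fail_unless: List[Rule] = field(default_factory=list)


def _holds(rule: Rule, obj: Dict[str, Any]) -> bool:
    """Evaluate one rule.

    An expression that raises (a missing field or a wrong type, which CEL would
    report as an evaluation error) is treated as NOT holding, so the policy
    fails closed rather than silently admitting the object. (Assumption.)
    """
    try:
        return bool(rule.expression(obj))
    except (KeyError, TypeError):
        return False


def admit(policy: Policy, obj: Dict[str, Any]) -> Dict[str, Any]:
    """Return a dict shaped like an AdmissionReview response.

    Warnings are collected for every warnUnless rule that does not hold and are
    returned whether or not the request is allowed, matching how webhook
    warnings already reach the client on both accepted and denied requests.
    """
    warnings = [r.message for r in policy.warn_unless if not _holds(r, obj)]
    denials = [r.message for r in policy.fail_unless if not _holds(r, obj)]
    response: Dict[str, Any] = {"allowed": not denials, "warnings": warnings}
    if denials:
        response["status"] = {
            "code": 403,
            "message": f"{policy.name}: " + "; ".join(denials),
        }
    return response


# Policy mirroring the YAML sketch: warn at 5 replicas, deny above 5.
DEMO = Policy(
    name="demo",
    warn_unless=[Rule(lambda o: o["spec"]["replicas"] < 5,
                      "You can only have five replicas maximum")],
    fail_unless=[Rule(lambda o: o["spec"]["replicas"] <= 5,
                      "spec.replicas must be <= 5")],  # message is constructed
)


def deployment(replicas: Any) -> Dict[str, Any]:
    """Constructed sample object carrying only the field the rules inspect."""
    return {"apiVersion": "apps/v1", "kind": "Deployment",
            "spec": {"replicas": replicas}}


if __name__ == "__main__":
    for obj in (deployment(3), deployment(5), deployment(8),
                {"apiVersion": "apps/v1", "kind": "Deployment", "spec": {}}):
        print(obj["spec"], "->", admit(DEMO, obj))
```

Running the block shows the four cases a reviewer of this design would want to see: 3 replicas is admitted silently, exactly 5 is admitted with a warning, 8 is denied but the warning still travels back with the denial, and an object with no `spec.replicas` is denied because the expression could not be evaluated.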

sftim commented 1 year ago

:thought_balloon: If anyone had the cycles we could even implement ValidatingAdmissionPolicy as an out-of-tree validating admission webhook. I don't think it's worth it, but it'd be possible.

tallclair commented 1 year ago

This has planned changes for v1.27, but it's remaining in alpha. Should it be tracked for the v1.27 milestone?

logicalhan commented 1 year ago

Is there a beta version of this KEP I can review for PRR?

jpbetz commented 1 year ago

> Is there a beta version of this KEP I can review for PRR?

We don't have an ETA for beta yet. 1.27 will contain additional alpha-level capabilities.

fsmunoz commented 1 year ago

Hello @jpbetz 👋, v1.27 Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PDT Thursday 9th February 2023.

This enhancement is targeting for stage alpha for 1.27 (please correct me, if otherwise)

Here's where this enhancement currently stands:

For this KEP, we would just need to update the following:

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

jpbetz commented 1 year ago

Opened https://github.com/kubernetes/enhancements/pull/3833 to update latest-milestone.

fsmunoz commented 1 year ago

Hello @jpbetz , that should do it when merged!

One note: the latest KEP template has an additional section in the PRR section "Scalability"

> Can enabling / using this feature result in resource exhaustion of some node resources (PIDs, sockets, inodes, etc.)?

That section is encouraged (not mandatory) for alpha, so I wasn't strict about it in my review. That said, you might want to take a look.

cici37 commented 1 year ago

Hi @fsmunoz, I think we got everything merged and up to date. For the added question under PRR, we will update when going to beta, together with any other potential updates in the KEP template. Would you mind marking it as tracked when you have time? Thank you

fsmunoz commented 1 year ago

Hi @cici37 , @jpbetz . That's fine in terms of the PRR section. Could you add the target version for beta in the milestone section?

https://github.com/kubernetes/enhancements/blob/master/keps/sig-api-machinery/3488-cel-admission-control/kep.yaml#:~:text=milestone%3A-,alpha%3A%20%22v1.26%22,-%23%20The%20following

cici37 commented 1 year ago

@fsmunoz This PR should address above comment: https://github.com/kubernetes/enhancements/pull/3869 Thank you

fsmunoz commented 1 year ago

Thank you @cici37 !

This enhancement is ready to be tracked for graduation to alpha beta in v1.27.

/label tracked/yes
/remove-label tracked/no

cici37 commented 1 year ago

> Thank you @cici37 !
>
> This enhancement is ready to be tracked for graduation to beta in v1.27.
>
> /label tracked/yes
> /remove-label tracked/no

Thanks for tracking it. And for reference this is not graduating to beta in 1.27 so the label should remain as alpha. Thank you

katmutua commented 1 year ago

Hello @jpbetz 👋🏾 !

@katmutua 1.27 Release Docs shadow here. This enhancement is marked as ‘Needs Docs’ for the 1.27 release.

Please follow the steps detailed in the documentation to open a PR against dev-1.27 branch in the k/website repo. This PR can be just a placeholder at this time, and must be created by March 16. For more information, please take a look at Documenting for a release to familiarize yourself with the documentation requirements for the release.

If you already have existing open PRs please link them to the description so we can easily track them. Thanks!

fsmunoz commented 1 year ago

Hi @jpbetz 👋,

Checking in as we approach 1.27 code freeze at 17:00 PDT on Tuesday 14th March 2023.

Please ensure the following items are completed:

For this enhancement, it looks like all the linked PRs are merged.

Please let me know what other PRs in k/k I should be tracking for this KEP.

As always, we are here to help should questions come up. Thanks!

jpbetz commented 1 year ago

Quick update: Implementation PRs are all merged. The docs have all gone through technical review and we are hopeful they will merge by the deadline. Thanks!

cici37 commented 1 year ago

/stage beta

jpbetz commented 1 year ago

/label lead-opted-in

k8s-ci-robot commented 1 year ago

@jpbetz: The label(s) /label lead-opt-in cannot be applied. These labels are supported: api-review, tide/merge-method-merge, tide/merge-method-rebase, tide/merge-method-squash, team/katacoda, refactor, lead-opted-in, tracked/no, tracked/out-of-tree, tracked/yes. Is this label configured under labels -> additional_labels or labels -> restricted_labels in plugin.yaml?

In response to [this](https://github.com/kubernetes/enhancements/issues/3488#issuecomment-1563536857):

> /label lead-opt-in

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

jpbetz commented 1 year ago

/label lead-opted-in

k8s-ci-robot commented 1 year ago

@jpbetz: Can not set label lead-opted-in: Must be member in one of these teams: [release-team-enhancements release-team-leads sig-api-machinery-leads sig-apps-leads sig-architecture-leads sig-auth-leads sig-autoscaling-leads sig-cli-leads sig-cloud-provider-leads sig-cluster-lifecycle-leads sig-contributor-experience-leads sig-docs-leads sig-instrumentation-leads sig-k8s-infra-leads sig-multicluster-leads sig-network-leads sig-node-leads sig-release-leads sig-scalability-leads sig-scheduling-leads sig-security-leads sig-storage-leads sig-testing-leads sig-windows-leads]

In response to [this](https://github.com/kubernetes/enhancements/issues/3488#issuecomment-1563539536):

> /label lead-opted-in

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

jpbetz commented 1 year ago

/label lead-opted-in

(I've been added to the SIG lead group just now)

k8s-ci-robot commented 1 year ago

@jpbetz: Can not set label lead-opted-in: Must be member in one of these teams: [release-team-enhancements release-team-leads sig-api-machinery-leads sig-apps-leads sig-architecture-leads sig-auth-leads sig-autoscaling-leads sig-cli-leads sig-cloud-provider-leads sig-cluster-lifecycle-leads sig-contributor-experience-leads sig-docs-leads sig-instrumentation-leads sig-k8s-infra-leads sig-multicluster-leads sig-network-leads sig-node-leads sig-release-leads sig-scalability-leads sig-scheduling-leads sig-security-leads sig-storage-leads sig-testing-leads sig-windows-leads]

In response to [this](https://github.com/kubernetes/enhancements/issues/3488#issuecomment-1563561801):

> /label lead-opted-in

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

jpbetz commented 1 year ago

/label lead-opted-in

Atharva-Shinde commented 1 year ago

Hello @jpbetz 👋, Enhancements team here.

Just checking in as we approach enhancements freeze on Thursday, 8th 16th June 2023.

Looks like this enhancement is targeting for stage beta for v1.28

Here's where this enhancement currently stands:

For this KEP, we would simply need to update the following:

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you :)

cici37 commented 1 year ago

> Hello @jpbetz 👋, Enhancements team here.
>
> Just checking in as we approach enhancements freeze on Thursday, 8th June 2023.
>
> Looks like this enhancement is targeting for stage beta for v1.28
>
> Here's where this enhancement currently stands:
>
> - [x] KEP readme using the latest template has been merged into the k/enhancements repo.
> - [x] KEP status is marked as implementable for latest-milestone:v1.28
> - [x] KEP readme has an updated detailed test plan section filled out
> - [x] KEP readme has up to date graduation criteria
> - [ ] KEP has a production readiness review that has been completed and merged into k/enhancements.
>
> For this KEP, we would simply need to update the following:
>
> - Get approval from the PRR authors.
> - Get the KEP PR merged before enhancements freeze.
>
> The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you :)

@Atharva-Shinde Thanks for the updates! I am working on merging the KEP updates and getting PRR review before the deadline!

cici37 commented 1 year ago

Hi @Atharva-Shinde , the KEP update for this one has been merged and we should be on track now. Thank you!

Atharva-Shinde commented 1 year ago

Hey @cici37 With all the KEP requirements in place and merged into k/enhancements, this enhancement is all good for the upcoming enhancements freeze. 🚀

The status of this enhancement is marked as tracked. Please keep the issue description up-to-date with appropriate stages as well. Thank you :)