Open PushkarJ opened 10 months ago
/sig security architecture release /area dependency
/assign
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
This is planned to be worked on soon
/lifecycle stale
Relevant slack conversation: https://kubernetes.slack.com/archives/C01CUSVMHPY/p1716151527074909
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale is applied
lifecycle/stale was applied, lifecycle/rotten is applied
lifecycle/rotten was applied, the issue is closed
You can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
Periodics are running for master / HEAD, v1.30, v1.29, v1.28 and v1.27. They are working for master, v1.30 and v1.29. Added a backport fix for v1.28: https://github.com/kubernetes/kubernetes/pull/125772 to maintain n-2 support of releases. Once that is merged and once the release team agrees whether a v1.27 backport is needed or not, we will be done with the work needed to close this issue :)
Big thanks to @ArkaSaha30 for taking this forward to where it is today!
remove-lifecycle rotten
/remove-lifecycle rotten
Description
Run govulncheck periodically in default mode symbol level on https://github.com/kubernetes/kubernetes for:
master branch i.e. HEAD
stable-version
prev-stable-minor-version
oldest-stable-minor-version
This will allow us to get a sense of new vulnerabilities identified and help facilitate decisions on cherry picks.
Implementation Details
Create a new yaml file here: https://github.com/kubernetes/test-infra/tree/0e5705d1a7cfe4c0ba8e2518a15c26f8ebc1b66d/config/jobs/kubernetes/sig-security named as govulncheck-periodic.yaml that looks something like this:
Tips and Caveats
Parent
95
Periodic Jobs:
https://prow.k8s.io/job-history/gs/kubernetes-jenkins/logs/ci-kubernetes-verify-1-30
https://prow.k8s.io/job-history/gs/kubernetes-jenkins/logs/ci-kubernetes-verify-1-29
https://prow.k8s.io/job-history/gs/kubernetes-jenkins/logs/ci-kubernetes-verify-1-28
https://prow.k8s.io/job-history/gs/kubernetes-jenkins/logs/ci-kubernetes-verify-1-27
https://prow.k8s.io/job-history/gs/kubernetes-jenkins/logs/ci-kubernetes-verify-master
Backport PRs
https://github.com/kubernetes/kubernetes/pull/124750
https://github.com/kubernetes/kubernetes/pull/124751
Links to Release branches script
https://github.com/kubernetes/kubernetes/blob/release-1.27/hack/verify-govulncheck.sh
https://github.com/kubernetes/kubernetes/blob/release-1.28/hack/verify-govulncheck.sh
https://github.com/kubernetes/kubernetes/blob/release-1.29/hack/verify-govulncheck.sh
https://github.com/kubernetes/kubernetes/blob/release-1.30/hack/verify-govulncheck.sh
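Added example, not part of the issue and not Kubernetes project code: one way to reduce a branch's `govulncheck -json` output to its symbol-level findings, the ones a cherry-pick decision would weigh. It assumes the tool's JSON message stream; the sample input, OSV id, module and versions are constructed placeholders.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// Subset of the govulncheck -json stream; JSON keys match fields case-insensitively.
type frame struct{ Module, Version, Function string }
type finding struct {
	OSV   string
	Fixed string `json:"fixed_version"`
	Trace []frame
}
type message struct{ Finding *finding }

// SymbolFindings lists each finding whose first trace frame names a function (a reached symbol).
func SymbolFindings(r io.Reader) ([]string, error) {
	var out []string
	seen := map[string]bool{}
	for dec := json.NewDecoder(r); ; {
		var m message
		if err := dec.Decode(&m); err == io.EOF {
			return out, nil
		} else if err != nil {
			return nil, err
		}
		f := m.Finding
		if f == nil || len(f.Trace) == 0 || f.Trace[0].Function == "" {
			continue // config/progress/osv message, or module/package-level finding
		}
		t := f.Trace[0]
		key := fmt.Sprintf("%s %s@%s fixed in %s", f.OSV, t.Module, t.Version, f.Fixed)
		if !seen[key] {
			seen[key] = true
			out = append(out, key)
		}
	}
}

// Constructed sample output; the OSV id, module and versions are placeholders.
const sample = `{"config":{"scan_level":"symbol"}}
{"finding":{"osv":"GO-0000-0001","fixed_version":"v1.2.4","trace":[{"module":"example.com/mod","version":"v1.2.3","package":"example.com/mod/pkg"}]}}
{"finding":{"osv":"GO-0000-0001","fixed_version":"v1.2.4","trace":[{"module":"example.com/mod","version":"v1.2.3","package":"example.com/mod/pkg","function":"Parse"}]}}`

func main() {
	fmt.Println(SymbolFindings(strings.NewReader(sample)))
}
```

Running it over the output captured on each release branch gives per-branch lists that can be compared to see which branches still reach a vulnerable symbol.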