-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Seccomp #135
Comments
@derekwaynecarr @sttts @erictune didn't see an issue for this but it is already in alpha. Creating this as the reminder to push it through to beta and stable. @sttts could you provide the appropriate links to docs and PRs? I think you are closest to this code. |
@pweil- @derekwaynecarr please, confirm that this feature has to be set with 1.6 milestone. |
@idvoretskyi we target to move it to beta for 1.6. |
@sttts thanks. |
Looks like this is still alpha: https://github.com/kubernetes/community/blob/master/contributors/design-proposals/seccomp.md And I couldn't find any documentation on kubernetes.io/docs. |
@pweil- any updates for 1.8? Is this feature still on track for the release? |
@idvoretskyi this was not a priority for 1.8. @php-coder can you add a card to this for our PM planning? We need to stop letting this fall through the cracks and get it moved to beta and GA. |
@pweil- if this feature is not planned for 1.8 - please, update the milestone with the "next-milestone" or "1.9" |
I'd like to see this get to beta. Priorities (or requirements) for that include:
Is anyone interested in driving this work for the 1.9 (or 1.10) milestone? @jessfraz @kubernetes/sig-auth-feature-requests and @kubernetes/sig-node-feature-requests I'm looking at you 😉 Also relevant: kubernetes/community#660 (do we need to settle the decisions in that PR before proceeding?) |
/cc @destijl |
If someone has time and wants to do it they are more than welcome to and I
will help answer any questions
…On Sep 22, 2017 20:54, "Tim Allclair (St. Clair)" ***@***.***> wrote:
/cc @destijl <https://github.com/destijl>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#135 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABYNbDldlrwbOP75Y2AKM-bUFLnwrq0eks5slFbcgaJpZM4KgBy_>
.
|
ok I will update the proposal and start on this tomorrow if no one else will ;) |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
/lifecycle frozen @pjbgf @saschagrunert Are we just keeping this open to track the annotation removal at this point? I think the only remaining task is to stop copying annotations to fields, in v1.27? |
Yep, exactly let's keep it open to track this last point. |
I assume that we're now aim to close out this one for 1.27 (kubernetes/kubernetes#91286 (comment)). |
This can be considered as done now. |
Is this definitely done? It looks like the docs might not be finished. |
We should document all features that graduate to GA. I think that's especially important for security controls. to track the remaining work. |
@sftim: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@saschagrunert @tallclair @sftim What are the action items for 1.32 for this feature? |
I think seccomp is stable; I reopened this because we want GA-quality docs (I assume we do). However, docs are continuously delivered so no need to make 1.32 plans around documentation Pages / sections we might update:
I know that AppArmor is also underdocumented, however whether or not AppArmor is well documented, we should add a bit more detail about what goes into the |
I guess we can update https://kubernetes.io/docs/reference/node to contain a seccomp page. We also have https://kubernetes.io/docs/tutorials/security/seccomp |
Since this is stable, can you create issues in k8s/website to enhance docs for this? /close |
@kannon92: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
I'm loth to see KEPs closed without staffing work that should have been done before graduation, but I can't force the issue. |
Doing that work isn't a priority for me. Happy for someone else to. |
Opened kubernetes/website#47687 to track the work. |
Description
Seccomp support is providing the ability to define seccomp profiles and configure pods to run with those profiles. This includes the ability control usage of the profiles via PSP as well as maintaining the ability to run as unconfined or with the default container runtime profile.
KEP: sig-node/20190717-seccomp-ga.md
Latest PR to update the KEP: #1747
Progress Tracker
/pkg/apis/...
)@kubernetes/api
Code needs to be disabled by default. Verified by code OWNERS@kubernetes/docs
on docs PR@kubernetes/feature-reviewers
on this issue to get approval before checking this off@kubernetes/docs
on docs PR@kubernetes/feature-reviewers
on this issue to get approval before checking this off@kubernetes/api
@kubernetes/feature-reviewers
on this issue to get approval before checking this off@kubernetes/docs
@kubernetes/feature-reviewers
on this issue to get approval before checking this offFEATURE_STATUS is used for feature tracking and to be updated by
@kubernetes/feature-reviewers
.FEATURE_STATUS: IN_DEVELOPMENT
More advice:
Design
@kubernetes/feature-reviewers
member, you can check this checkbox, and the reviewer will apply the "design-complete" label.Coding
and sometimes http://github.com/kubernetes/contrib, or other repos.
@kubernetes/feature-reviewers
and they willcheck that the code matches the proposed feature and design, and that everything is done, and that there is adequate
testing. They won't do detailed code review: that already happened when your PRs were reviewed.
When that is done, you can check this box and the reviewer will apply the "code-complete" label.
Docs
@kubernetes/docs
.The text was updated successfully, but these errors were encountered: