Extended NodeRestrictions for Pods #1314

Open
tallclair opened this issue Oct 15, 2019 · 53 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. sig/auth Categorizes an issue or PR as relevant to SIG Auth. stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status

Comments

@tallclair
Member

tallclair commented Oct 15, 2019

Enhancement Description

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Oct 15, 2019
@tallclair tallclair added this to the v1.17 milestone Oct 15, 2019
@tallclair tallclair added the sig/auth Categorizes an issue or PR as relevant to SIG Auth. label Oct 15, 2019
@k8s-ci-robot k8s-ci-robot removed the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Oct 15, 2019
@tallclair tallclair self-assigned this Oct 15, 2019
@neolit123
Member

tracking issue for kubeadm:
kubernetes/kubeadm#1835
tracking issue for /cluster addons:
kubernetes/kubernetes#83977

@palnabarun palnabarun added the tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team label Oct 16, 2019
@palnabarun
Member

/stage alpha

@k8s-ci-robot k8s-ci-robot added the stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status label Oct 16, 2019
@daminisatya

Hello, @tallclair I'm 1.17 docs lead.

Does this enhancement (or the work planned for v1.17) require any new docs (or modifications to existing docs)? If not, can you please update the 1.17 Enhancement Tracker Sheet (or let me know and I'll do so)

If so, just a friendly reminder we're looking for a PR against k/website (branch dev-1.17) due by Friday, November 8th, it can just be a placeholder PR at this time. Let me know if you have any questions!

@tallclair
Member Author

Yes, I think this should be highlighted in a short amendment to https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#NodeRestriction

@daminisatya

+1 thank you @tallclair

@tallclair
Member Author

tallclair commented Nov 1, 2019

Work tracker for alpha in v1.17:

@daminisatya

Hi @tallclair,
Just a friendly reminder, we're hoping to have a placeholder Docs PR against k/website (branch dev-1.17) by Friday, Nov 8th. (4 more days left)

@daminisatya

Hi @tallclair

Just a friendly reminder, we're hoping to have a placeholder Docs PR against k/website (branch dev-1.17) by Friday, Nov 8th. (2 more days left)

@mrbobbytables
Member

👋 @tallclair 1.17 Enhancement lead here -- Just a heads up, an open Docs PR is needed by the end of the day today to remain in the milestone. 😬 If there isn't a PR by EoD, an exception will need to be filed to remain in the 1.17 release.

Please link it here as soon as it's created.

Thanks!

@palnabarun
Member

Hi @tallclair ,

Unfortunately the deadline for filing the docs PR has passed. For now, this enhancement is being removed from the milestone and 1.17 tracking sheet.

If you want to still get this into this release, please file an enhancement exception.

Thanks!

@palnabarun
Member

/milestone clear
/tracked no

@k8s-ci-robot k8s-ci-robot removed this from the v1.17 milestone Nov 11, 2019
@palnabarun palnabarun added tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team and removed tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team labels Nov 11, 2019
@tallclair
Member Author

I'm not really satisfied with the whitelist mechanism currently proposed on this feature, and with the time crunch & overdue docs, I'm content with removing the feature piece from v1.17.

I will update kubernetes/kubernetes#84657 to remove the feature gated parts (but keep the non-feature gated parts). We can work on refining the labels proposal for v1.18.

/milestone v1.18

@k8s-ci-robot k8s-ci-robot added this to the v1.18 milestone Nov 12, 2019
@palnabarun
Member

Thank you @tallclair for the updates. I marked this as Deferred in the tracking sheet.

@k8s-ci-robot k8s-ci-robot reopened this May 5, 2021
@k8s-ci-robot
Contributor

@ehashman: Reopened this issue.

In response to this:

/remove-lifecycle rotten
/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label May 5, 2021
@k8s-triage-robot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 3, 2021
@enj
Member

enj commented Aug 16, 2021

/remove-lifecycle stale

@tallclair what exactly is the state of this KEP? Is the functionality implemented and GA?

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 16, 2021
@tallclair
Member Author

Implemented:

  • OwnerReference requirements for mirror pods
  • Metadata update restrictions through pod/status updates

Not implemented:

  • Label restrictions on mirror pods

I'm not satisfied with the label restriction design, but I'm not sufficiently invested in fixing it at this point. If someone is interested in picking it up, I'd be happy to talk through the design, but otherwise I think we should just archive it.

@ritazh
Member

ritazh commented Sep 20, 2021

Next step: Need to confirm if there is a KEP that contains Label restrictions on mirror pods, and remove it or move it to "withdraw".

@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 19, 2021
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Jan 18, 2022
@k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue or PR with /reopen
  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close

@k8s-ci-robot
Contributor

@k8s-triage-robot: Closing this issue.


@pacoxu
Member

pacoxu commented Aug 25, 2022

/reopen

@k8s-ci-robot k8s-ci-robot reopened this Aug 25, 2022
@k8s-ci-robot
Contributor

@pacoxu: Reopened this issue.

In response to this:

/reopen


@tallclair
Member Author

/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. labels Aug 26, 2022
@enj enj moved this to Closed / Done in SIG Auth Dec 5, 2022
@enj enj added this to SIG Auth Dec 5, 2022
@Atharva-Shinde Atharva-Shinde removed the tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team label May 14, 2023