Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KEP for promoting AppArmor to GA #1444

Closed
wants to merge 1 commit into from
Closed

KEP for promoting AppArmor to GA #1444

wants to merge 1 commit into from

Conversation

saschagrunert
Copy link
Member

This is the first draft of promoting AppArmor to GA

Relates to: #24
Analogous to: #1148

/cc @timothysc

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory sig/node Categorizes an issue or PR as relevant to SIG Node. labels Jan 10, 2020
@saschagrunert saschagrunert mentioned this pull request Jan 10, 2020
Open
19 tasks
@saschagrunert
Copy link
Member Author

This is ready for a first rough review, if you have some cycles @kubernetes/sig-node-proposals

@k8s-ci-robot k8s-ci-robot added the kind/design Categorizes issue or PR as related to design. label Jan 10, 2020
@evrardjp
Copy link

Awesome to push that forward! I will have a read as soon as I can.

@tallclair tallclair self-assigned this Jan 10, 2020
@onlydole
Copy link
Member

I'd love to help with the work defined in this KEP! I’ll keep my eyes on the threads 👀

@timothysc timothysc removed their request for review January 13, 2020 22:08
@saschagrunert
Copy link
Member Author

Hey @timothysc, do you think we can target this KEP for 1.19? I think it would be a good fit and I can allocate some resources on my side to work on this.

@BenTheElder
Copy link
Member

re: #1444 (comment)

just curious, are those tests running as release blockers or release informers?

informing https://testgrid.k8s.io/sig-release-master-informing#node-kubelet-features

[moving my comment, it turns out if you have any existing review comments you are a reviewer forever, which puts the PR on gubernator.k8s.io/pr, I do not intend to review this PR currently]

@tallclair
Copy link
Member

The original plan was to wait to figure out how to get seccomp to GA before moving forward with this PR. However, there are a couple things that make Apparmor easier to move to GA:

  1. The annotations are immutable (although the PSC annotations are not)
  2. I don't think we need to deprecate localhost profiles

Given that, I think it's feasible to get this to GA for v1.19. I'm happy to be a reviewer, but I think you also need to get an api machinery API reviewer for some of the corner cases around the conversions. @liggitt was the reviewer on the seccomp to GA KEP, but I don't know whether he has time to take this on for v1.19

tallclair
tallclair reviewed Apr 7, 2020
View reviewed changes
Copy link
Member

@tallclair tallclair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly comments about updating this to be inline with the latest seccomp proposal changes.

@saschagrunert saschagrunert force-pushed the apparmor-ga branch 2 times, most recently from d9a5b48 to 296b938 Compare April 9, 2020 09:24
@saschagrunert
Copy link
Member Author

The original plan was to wait to figure out how to get seccomp to GA before moving forward with this PR. However, there are a couple things that make Apparmor easier to move to GA:

  1. The annotations are immutable (although the PSC annotations are not)
  2. I don't think we need to deprecate localhost profiles

Given that, I think it's feasible to get this to GA for v1.19. I'm happy to be a reviewer, but I think you also need to get an api machinery API reviewer for some of the corner cases around the conversions. @liggitt was the reviewer on the seccomp to GA KEP, but I don't know whether he has time to take this on for v1.19

Thank you for the review! I implemented most of your suggestions. @liggitt do you think we can move forward with this one?

@liggitt
Copy link
Member

liggitt commented Apr 17, 2020

I'm focusing on other GA efforts in 1.19 (CSR, Ingress, conformance without beta, deprecating beta APIs, and informing users and admins about deprecated API use) and don't have capacity to shepherd this for 1.19.

pjbgf
pjbgf reviewed May 20, 2020
View reviewed changes
Copy link
Member

@pjbgf pjbgf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@saschagrunert I added a few points based on the recent changes to Seccomp GA KEP.

@k8s-ci-robot k8s-ci-robot added the sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. label May 25, 2020
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 23, 2020
@saschagrunert
Copy link
Member Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 23, 2020
@k8s-ci-robot k8s-ci-robot removed the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Aug 24, 2020
@saschagrunert
Copy link
Member Author

@saschagrunert I agree we need to get this done, and I am happy to pick it up.

Thank you! Updated the KEP metadata.

@saschagrunert
Add AppArmor GA KEP
685e057 
Signed-off-by: Sascha Grunert <[email protected]>
Signed-off-by: Sascha Grunert <[email protected]>
@tallclair tallclair removed the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Jun 2, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 31, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Sep 30, 2021
@pjbgf
Copy link
Member

pjbgf commented Oct 4, 2021

/remove-lifecycle rotten
/help

Unfortunately I had no capacity in the last while to work on this. So it would be great if someone else could pick it up and move it forward.

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Oct 4, 2021
@pjbgf pjbgf removed their assignment Oct 4, 2021
@MadhavJivrajani
Copy link
Contributor

/remove-kind design
/kind feature
kind/design is migrated to kind/feature, see kubernetes/community#6144 for more details

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. and removed kind/design Categorizes issue or PR as related to design. labels Oct 11, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 9, 2022
@pjbgf
Copy link
Member

pjbgf commented Jan 11, 2022

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 11, 2022
@PushkarJ
Copy link
Member

I have added this as an agenda item for next week's SIG Security meeting to discuss and possibly find an owner to drive this. Will update the thread here after the discussion.

@PushkarJ PushkarJ mentioned this pull request Mar 23, 2022
Closed
@mccormickt
Copy link

I have added this as an agenda item for next week's SIG Security meeting to discuss and possibly find an owner to drive this. Will update the thread here after the discussion.

Thanks @PushkarJ! I'm happy to jump in and help drive this effort.

@mccormickt mccormickt mentioned this pull request May 7, 2022
Closed
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jul 7, 2022
@kikisdeliveryservice
Copy link
Member

@jan0ski since #3298 supersedes this PR could you close this one?

@k8s-ci-robot
Copy link
Contributor

@mccormickt: Closed this PR.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@mccormickt
Copy link

/close

ingvagabund pushed a commit to ingvagabund/enhancements that referenced this pull request Feb 26, 2025
@openshift-ci
Merge pull request kubernetes#1444 from mtulio/splat-653-localzones-u…
d9489e9 
…pdate

SPLAT-653: Updates in installer/aws-localzones
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@evrardjp evrardjp evrardjp left review comments

@pjbgf pjbgf pjbgf approved these changes

@kikisdeliveryservice kikisdeliveryservice kikisdeliveryservice left review comments

@aojea aojea aojea left review comments

@tallclair tallclair tallclair left review comments

@hasheddan hasheddan hasheddan left review comments

Assignees

@liggitt liggitt

@derekwaynecarr derekwaynecarr

@dchen1107 dchen1107

@tallclair tallclair

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/node Categorizes an issue or PR as relevant to SIG Node. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
SIG Node: code and documentation PRs
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.