Comments (18)
idvoretskyi
commented on July 18, 2024
cc @kubernetes/sig-auth
from enhancements.
erictune
commented on July 18, 2024
@soltysh you were interested in this issue too.
from enhancements.
soltysh
commented on July 18, 2024
@erictune thx
from enhancements.
philips
commented on July 18, 2024
Status update: design proposal is merged: kubernetes/kubernetes#27129
from enhancements.
philips
commented on July 18, 2024
Also, @ecordell intends to work on the code for this feature now that the code has been merged. @Q-Lee @erictune @alex-mohr
from enhancements.
philips
commented on July 18, 2024
Updated the PRs for the current implementation kubernetes/kubernetes#30631 and API changes kubernetes/kubernetes#30241. Looks likely to land for v1.4. @Q-Lee and @ecordell how are y'all feeling?
from enhancements.
Q-Lee
commented on July 18, 2024
@philips It's looking good.
@philips The API is being tested in the merge queue atm, and the implementation is close to an lgtm. I'm setting up a test for gce/gci on top of ecordell's changes atm.
from enhancements.
ecordell
commented on July 18, 2024
@philips API is in! I'm hopeful the implementation will go through today
from enhancements.
ecordell
commented on July 18, 2024
kubernetes/kubernetes#30631 is merged
from enhancements.
janetkuo
commented on July 18, 2024
@philips Are the docs ready? Please update the docs in https://github.com/kubernetes/kubernetes.github.io, and then add PR numbers and check the docs box in the issue description
from enhancements.
jaredbhatti
commented on July 18, 2024
Ping. Any update on docs?
from enhancements.
Q-Lee
commented on July 18, 2024
@philips @ecordell What are the plans for the docs with this?
from enhancements.
ecordell
commented on July 18, 2024
@Q-Lee I'll work on them and have a PR soon
from enhancements.
ecordell
commented on July 18, 2024
Docs PR: kubernetes/website#1188
from enhancements.
ecordell
commented on July 18, 2024
For making image policy decisions, it's important that the backend be able to resolve tags to digests so that downstream services see a consistent view of approved images.
I've started sketching the changes here (no tests or codegen):
kubernetes/kubernetes@master...ecordell:imagereviewwebhook-digest
There is some overlap between this and kubernetes/community#132, but mutation is not in the scope of that proposal (simply planned for later).
from enhancements.
fejta-bot
commented on July 18, 2024
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Prevent issues from auto-closing with an /lifecycle frozen comment.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle stale
from enhancements.
erictune
commented on July 18, 2024
I recommend further features requests for image policy first be attempted using validating webhooks.
from enhancements.
saschagrunert
commented on July 18, 2024
Hey folks, what is the future plan for this feature? I see that it may fit into a native sigstore container image validation support for Kubernetes.
from enhancements.
Related Issues (20)
- LoadBalancer Service Status Improvements
- Only allow anonymous auth for configured endpoints. HOT 20
- VolumeSource: OCI Artifact and/or Image HOT 25
- CRI Logging Docs & Spec Inaccurate Example for Partial Logs HOT 5
- Cluster Feature Gate in etcd HOT 1
- StatefulSet Support for Updating Volume Claim Template HOT 4
- Add kubelet instance configuration to configure CRI socket for each node HOT 2
- Guarantee PodDisruptionBudget When Preemption Happens HOT 2
- Gang Scheduling Support in Kubernetes HOT 23
- misspell: add a misspell ignore words HOT 8
- Add Resource Health Status to the Pod Status for Device Plugin and DRA HOT 13
- Deprecate and remove kustomize from kubectl HOT 21
- relationship between --image-gc-high-threshold and imagefs.available HOT 1
- Expose Node labels via downward API HOT 1
- Kubernetes-etcd interface HOT 1
- KEP-4753: Expose `ownerReferences` via `valueFrom` and downward API HOT 1
- Introduce load balancer for client-go HOT 5
- Introduce finalizerProbe for the pods like we have livenessProbe HOT 6
- Keep container ready state after kubelet restarted HOT 1
- Allows setting any FQDN as the pod's hostname HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from enhancements.