Comments (18)
cc @kubernetes/sig-auth
from enhancements.
@soltysh you were interested in this issue too.
@erictune thx
Status update: design proposal is merged: kubernetes/kubernetes#27129
Also, @ecordell intends to work on the code for this feature now that the code has been merged. @Q-Lee @erictune @alex-mohr
Updated the PRs for the current implementation kubernetes/kubernetes#30631 and API changes kubernetes/kubernetes#30241. Looks likely to land for v1.4. @Q-Lee and @ecordell how are y'all feeling?
@philips It's looking good.
@philips The API is being tested in the merge queue atm, and the implementation is close to an lgtm. I'm setting up a test for gce/gci on top of ecordell's changes atm.
@philips API is in! I'm hopeful the implementation will go through today
kubernetes/kubernetes#30631 is merged
@philips Are the docs ready? Please update the docs in https://github.com/kubernetes/kubernetes.github.io, and then add PR numbers and check the docs box in the issue description
Ping. Any update on docs?
@philips @ecordell What are the plans for the docs with this?
@Q-Lee I'll work on them and have a PR soon
Docs PR: kubernetes/website#1188
For making image policy decisions, it's important that the backend be able to resolve tags to digests so that downstream services see a consistent view of approved images.
I've started sketching the changes here (no tests or codegen):
kubernetes/kubernetes@master...ecordell:imagereviewwebhook-digest
There is some overlap between this and kubernetes/community#132, but mutation is not in the scope of that proposal (simply planned for later).
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Prevent issues from auto-closing with an /lifecycle frozen comment.
If this issue is safe to close now please do so with /close.
Send feedback to sig-testing, kubernetes/test-infra and/or @fejta.
/lifecycle stale
I recommend that further feature requests for image policy first be attempted using validating webhooks.
Hey folks, what is the future plan for this feature? I see that it may fit into native sigstore container image validation support for Kubernetes.