profile
viewpoint
Christoph Blecker cblecker Red Hat BC, Canada I fight for the users. | maintainer/steering, @kubernetes | sre, @openshift | he/him/his

cblecker/cloudshell-dotfiles 2

This is a series of scripts and dotfiles for use with Google Cloud Shell.

cblecker/findowner 1

Tool to dig through GitHub history to generate Kubernetes OWNERS files

cblecker/arkse 0

Docker image for ARK: Survival Evolved

cblecker/aws-account-operator 0

Operator to manage pool of AWS accounts for Hive

cblecker/aws-efs-operator 0

Operator to manage AWS EFS on OpenShift

cblecker/bin 0

A collection of utilities for developing and running GitHub Actions

cblecker/brew 0

🍺 The missing package manager for macOS

issue commentkubernetes/org

REQUEST: New membership for wangshiqi308

/assign @nikhita

wangshiqi308

comment created time in 2 hours

issue commentkubernetes/org

Establish repo for artifact promotion configurations

+1 in principle, will look deeper early next week

justaugustus

comment created time in 3 hours

issue commentkubernetes/k8s.io

Improve the accessibility of k8s.io domains in China

/lifecycle frozen

idealhack

comment created time in 3 hours

push eventkubernetes/k8s.io

Stephen Augustus

commit sha 6907e2c5ecab9cc0c0070e029952ee9dcb5023ce

releng: Promote go-runner:buster-v2.2.2 (built using go1.15.5) Signed-off-by: Stephen Augustus <saugustus@vmware.com>

view details

Kubernetes Prow Robot

commit sha abea07ed5ffe6b95f8af264af35e11723beb90b6

Merge pull request #1449 from justaugustus/go-promo releng: Promote go-runner:buster-v2.2.2 (built using go1.15.5)

view details

push time in 4 hours

PR merged kubernetes/k8s.io

Reviewers
releng: Promote go-runner:buster-v2.2.2 (built using go1.15.5) approved area/artifacts area/release-eng cncf-cla: yes lgtm sig/release size/XS wg/k8s-infra

Promotion PR for https://github.com/kubernetes/release/pull/1780. Part of https://github.com/kubernetes/release/issues/1651

Signed-off-by: Stephen Augustus saugustus@vmware.com

/assign @hasheddan cc: @kubernetes/release-engineering

+1 -0

1 comment

1 changed file

justaugustus

pr closed time in 4 hours

pull request commentkubernetes/k8s.io

releng: Promote go-runner:buster-v2.2.2 (built using go1.15.5)

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: <a href="https://github.com/kubernetes/k8s.io/pull/1449#pullrequestreview-537025424" title="LGTM">hasheddan</a>, <a href="https://github.com/kubernetes/k8s.io/pull/1449#" title="Author self-approved">justaugustus</a>

The full list of commands accepted by this bot can be found here.

The pull request process is described here

<details > Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":[]} -->

justaugustus

comment created time in 4 hours

pull request commentkubernetes/k8s.io

releng: Promote go-runner:buster-v2.2.2 (built using go1.15.5)

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: <a href="https://github.com/kubernetes/k8s.io/pull/1449#" title="Author self-approved">justaugustus</a>

The full list of commands accepted by this bot can be found here.

The pull request process is described here

<details > Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":[]} -->

justaugustus

comment created time in 4 hours

PR opened kubernetes/k8s.io

releng: Promote go-runner:buster-v2.2.2 (built using go1.15.5)

Promotion PR for https://github.com/kubernetes/release/pull/1780. Part of https://github.com/kubernetes/release/issues/1651

Signed-off-by: Stephen Augustus saugustus@vmware.com

/assign @hasheddan cc: @kubernetes/release-engineering

+1 -0

0 comment

1 changed file

pr created time in 4 hours

pull request commentopenshift/managed-cluster-config

Cssre 1384 rhoam rbac

The following users are mentioned in OWNERS file(s) but are untrusted for the following reasons. One way to make the user trusted is to add them as members of the openshift org. You can then trigger verification by writing /verify-owners in a comment.

  • mfreer
    • User is not a member of the org. User is not a collaborator. Satisfy at least one of these conditions to make the user trusted.
  • hlipsig
    • User is not a member of the org. User is not a collaborator. Satisfy at least one of these conditions to make the user trusted.
  • rananda
    • User is not a member of the org. User is not a collaborator. Satisfy at least one of these conditions to make the user trusted.
mciccone

comment created time in 7 hours

issue commentkubernetes/k8s.io

Investigate creating prow build cluster as a private build cluster

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale

spiffxp

comment created time in 7 hours

issue commentkubernetes/org

Establish repo for artifact promotion configurations

Approval request sent to SIG Arch ML: https://groups.google.com/g/kubernetes-sig-architecture/c/3HsF1zF0aP4

justaugustus

comment created time in 8 hours

issue commentkubernetes/org

Establish repo for artifact promotion configurations

even if just for better notifications

My kingdom for more focused notifications!

justaugustus

comment created time in 8 hours

PR closed openshift/sre-ssh-proxy-container

Reviewers
Osd 3601 sshd authorize keys builder needs-rebase

now the groups to be searched can be passed by command line. Outputs ssh key files for all groups, and SSS with those keys mounted.

+38 -19

2 comments

2 changed files

luis-falcon

pr closed time in 9 hours

issue commentkubernetes/org

Establish repo for artifact promotion configurations

IMO having a dedicated repo for this is a win, even if just for better notifications

justaugustus

comment created time in 9 hours

push eventopenshift/managed-cluster-config

Karthik Perumal

commit sha 03b1f684ab8101e51bf174992aabdcd62b6c5b6f

Do not allow backplane SREP users to access token/secret sensitive data in the cluster-admin namespace

view details

Karthik Perumal

commit sha ec5f6e43660e37677e5da630a2bd46cbf76b0e98

on push: make generate-hive-templates

view details

OpenShift Merge Robot

commit sha 9d54e8dea78e4cd22f4fc03ec09a7ab0cf9e3830

Merge pull request #564 from karthikperu7/backplane-perm Do not allow backplane SREP users to access token/secret sensitive data in the cluster-admin namespace

view details

push time in 9 hours

PR merged openshift/managed-cluster-config

Reviewers
Do not allow backplane SREP users to access token/secret sensitive data in the cluster-admin namespace approved lgtm

https://issues.redhat.com/browse/OSD-5896

Srep should not be able to access sa tokens (from openshift-backplane-cluster-admin) which could potentially allow them to perform elevated actions without auditing/approval/paper-trail. This PR is to block that.

+4 -0

5 comments

4 changed files

karthikperu7

pr closed time in 9 hours

pull request commentopenshift/managed-cluster-config

Do not allow backplane SREP users to access token/secret sensitive data in the cluster-admin namespace

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: <a href="https://github.com/openshift/managed-cluster-config/pull/564#" title="Author self-approved">karthikperu7</a>, <a href="https://github.com/openshift/managed-cluster-config/pull/564#issuecomment-732435879" title="Approved">rogbas</a>, <a href="https://github.com/openshift/managed-cluster-config/pull/564#issuecomment-731933761" title="LGTM">wanghaoran1988</a>

The full list of commands accepted by this bot can be found here.

The pull request process is described here

<details > Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":[]} -->

karthikperu7

comment created time in 9 hours

issue commentkubernetes/org

Establish repo for artifact promotion configurations

@justaugustus: The label(s) area/release-eng, area/artifacts cannot be applied, because the repository doesn't have them

<details>

In response to this:

New Repo, Staging Repo, or migrate existing

Migrate existing

Requested name for new repository

https://github.com/justaugustus/artifacts

Which Organization should it reside

kubernetes

If not a staging repo, who should have admin access

 artifact-approvers:
   - bartsmykla # WG K8s Infra Lead
   - dims # WG K8s Infra Lead
   - hasheddan # subproject owner / Release Manager / SIG Technical Lead
   - justaugustus # subproject owner / Release Manager / SIG Chair
   - listx # Container image promoter admin
   - saschagrunert # subproject owner / Release Manager / SIG Chair
   - spiffxp # WG K8s Infra Lead
   - thockin # Container image promoter admin

ref: https://github.com/justaugustus/artifacts/blob/ba6bd79ce72ddcca7fb60c89e8e2612945761989/OWNERS_ALIASES#L5-L13

If not a staging repo, who should have write access

 artifact-reviewers:
   - bartsmykla # WG K8s Infra Lead
   - dims # WG K8s Infra Lead
   - hasheddan # subproject owner / Release Manager / SIG Technical Lead
   - justaugustus # subproject owner / Release Manager / SIG Chair
   - listx # Container image promoter admin
   - saschagrunert # subproject owner / Release Manager / SIG Chair
   - spiffxp # WG K8s Infra Lead
   - thockin # Container image promoter admin

ref: https://github.com/justaugustus/artifacts/blob/ba6bd79ce72ddcca7fb60c89e8e2612945761989/OWNERS_ALIASES#L14-L22

If not a staging repo, who should be listed as approvers in OWNERS

Already configured: https://github.com/justaugustus/artifacts/pull/1

If not a staging repo, who should be listed in SECURITY_CONTACTS

Already configured: https://github.com/justaugustus/artifacts/pull/1

What should the repo description be

Already set: Kubernetes artifact promotion configurations

What SIG and subproject does this fall under in sigs.yaml

This is part of the @kubernetes/release-engineering subproject of @kubernetes/sig-release.

Approvals

This is a core repository which will require approval from @kubernetes/sig-architecture-leads.

I'm opening this to start the approvals process and will follow-up with a note to SIG Arch's ML.

Additional context for request

Initially suggested by @thockin in https://kubernetes.slack.com/archives/CCK68P2Q2/p1603987072094400.

tl;dr of that conversation was as we wrap up the "first phase" of the image promotion process (https://github.com/kubernetes/k8s.io/issues/157), we can consider "the keys" transferred when senior Release Managers can manage artifact promotion and handle incidents.

As part of that, we should shift the artifact promotion configurations over to Release Engineering and establish a new repo for that.

For SIG Arch: /assign @dims @johnbelamaric @derekwaynecarr

For GH Administration: /assign @nikhita @mrbobbytables

cc: @kubernetes/sig-release-leads /sig release architecture /area release-eng artifacts /wg k8s-infra

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. </details>

justaugustus

comment created time in 9 hours

issue openedkubernetes/org

Establish repo for artifact promotion configurations

New Repo, Staging Repo, or migrate existing

Migrate existing

Requested name for new repository

https://github.com/justaugustus/artifacts

Which Organization should it reside

kubernetes

If not a staging repo, who should have admin access

  artifact-approvers:
    - bartsmykla # WG K8s Infra Lead
    - dims # WG K8s Infra Lead
    - hasheddan # subproject owner / Release Manager / SIG Technical Lead
    - justaugustus # subproject owner / Release Manager / SIG Chair
    - listx # Container image promoter admin
    - saschagrunert # subproject owner / Release Manager / SIG Chair
    - spiffxp # WG K8s Infra Lead
    - thockin # Container image promoter admin

ref: https://github.com/justaugustus/artifacts/blob/ba6bd79ce72ddcca7fb60c89e8e2612945761989/OWNERS_ALIASES#L5-L13

If not a staging repo, who should have write access

  artifact-reviewers:
    - bartsmykla # WG K8s Infra Lead
    - dims # WG K8s Infra Lead
    - hasheddan # subproject owner / Release Manager / SIG Technical Lead
    - justaugustus # subproject owner / Release Manager / SIG Chair
    - listx # Container image promoter admin
    - saschagrunert # subproject owner / Release Manager / SIG Chair
    - spiffxp # WG K8s Infra Lead
    - thockin # Container image promoter admin

ref: https://github.com/justaugustus/artifacts/blob/ba6bd79ce72ddcca7fb60c89e8e2612945761989/OWNERS_ALIASES#L14-L22

If not a staging repo, who should be listed as approvers in OWNERS

Already configured: https://github.com/justaugustus/artifacts/pull/1

If not a staging repo, who should be listed in SECURITY_CONTACTS

Already configured: https://github.com/justaugustus/artifacts/pull/1

What should the repo description be

Already set: Kubernetes artifact promotion configurations

What SIG and subproject does this fall under in sigs.yaml

This is part of the @kubernetes/release-engineering subproject of @kubernetes/sig-release.

Approvals

This is a core repository which will require approval from @kubernetes/sig-architecture-leads.

I'm opening this to start the approvals process and will follow-up with a note to SIG Arch's ML.

Additional context for request

Initially suggested by @thockin in https://kubernetes.slack.com/archives/CCK68P2Q2/p1603987072094400.

tl;dr of that conversation was as we wrap up the "first phase" of the image promotion process (https://github.com/kubernetes/k8s.io/issues/157), we can consider "the keys" transferred when senior Release Managers can manage artifact promotion and handle incidents.

As part of that, we should shift the artifact promotion configurations over to Release Engineering and establish a new repo for that.

For SIG Arch: /assign @dims @johnbelamaric @derekwaynecarr

For GH Administration: /assign @nikhita @mrbobbytables

cc: @kubernetes/sig-release-leads /sig release architecture /area release-eng artifacts /wg k8s-infra

created time in 9 hours

issue commentkubernetes/org

REQUEST: New membership for cmurphy (kubernetes-sigs)

Yep yep, huge +1 from my side, too! 😊

cmurphy

comment created time in 10 hours

issue commentkubernetes/org

REQUEST: New membership for cmurphy (kubernetes-sigs)

I support adding @cmurphy as a @kubernetes-sigs member!

cmurphy

comment created time in 10 hours

issue openedkubernetes/org

REQUEST: New membership for cmurphy (kubernetes-sigs)

GitHub Username

@cmurphy

Organization you are requesting membership in

@kubernetes-sigs

Requirements

  • [x] I have reviewed the community membership guidelines (https://git.k8s.io/community/community-membership.md)
  • [x] I have enabled 2FA on my GitHub account (https://github.com/settings/security)
  • [x] I have subscribed to the kubernetes-dev e-mail list (https://groups.google.com/forum/#!forum/kubernetes-dev)
  • [x] I am actively contributing to 1 or more Kubernetes subprojects
  • [x] I have two sponsors that meet the sponsor requirements listed in the community membership guidelines
  • [x] I have spoken to my sponsors ahead of this application, and they have agreed to sponsor my application

Sponsors

  • @saschagrunert
  • @hasheddan

List of contributions to the Kubernetes project

  • PRs reviewed / authored
    • https://github.com/kubernetes-sigs/security-profiles-operator/pulls?q=is%3Amerged+is%3Apr+author%3Acmurphy+
  • Issues responded to
    • https://github.com/kubernetes-sigs/security-profiles-operator/issues/150
    • https://github.com/kubernetes-sigs/security-profiles-operator/issues/135
    • https://github.com/kubernetes-sigs/security-profiles-operator/issues/131
    • https://github.com/kubernetes-sigs/security-profiles-operator/issues/117
    • https://github.com/kubernetes-sigs/security-profiles-operator/issues/106
  • SIG projects I am involved with
    • https://github.com/kubernetes-sigs/security-profiles-operator

created time in 10 hours

push eventopenshift/managed-cluster-config

Taylor Fahlman

commit sha a319afe16f188de8e5a46231ae7b5666272c207b

Patch cluster Ingress.config to enable HTTP/2

view details

Taylor Fahlman

commit sha 21cbfe704c6803dbe8f72683badcd0ed15b4b969

Limit to 4.5+

view details

OpenShift Merge Robot

commit sha 576c5eef255e39e029e64660182f045762998db6

Merge pull request #565 from fahlmant/OSD-5521 Patch cluster Ingress.config to enable HTTP/2

view details

push time in 10 hours

PR merged openshift/managed-cluster-config

Reviewers
Patch cluster Ingress.config to enable HTTP/2 approved lgtm

Enable HTTP/2

Reference OSD-5521 https://issues.redhat.com/browse/OSD-5521

+99 -0

9 comments

5 changed files

fahlmant

pr closed time in 10 hours

pull request commentopenshift/managed-cluster-config

Patch cluster Ingress.config to enable HTTP/2

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: <a href="https://github.com/openshift/managed-cluster-config/pull/565#issuecomment-732413828" title="Approved">cblecker</a>, <a href="https://github.com/openshift/managed-cluster-config/pull/565#" title="Author self-approved">fahlmant</a>, <a href="https://github.com/openshift/managed-cluster-config/pull/565#issuecomment-732414221" title="LGTM">jharrington22</a>, <a href="https://github.com/openshift/managed-cluster-config/pull/565#issuecomment-732413911" title="LGTM">rogbas</a>

The full list of commands accepted by this bot can be found here.

The pull request process is described here

<details > Needs approval from an approver in each of these files:

  • OWNERS [cblecker,jharrington22,rogbas]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":[]} -->

fahlmant

comment created time in 10 hours

pull request commentopenshift/managed-cluster-config

Patch cluster Ingress.config to enable HTTP/2

/hold cancel

fahlmant

comment created time in 10 hours

pull request commentopenshift/managed-cluster-config

Patch cluster Ingress.config to enable HTTP/2

/lgtm

fahlmant

comment created time in 10 hours

pull request commentopenshift/managed-cluster-config

Patch cluster Ingress.config to enable HTTP/2

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: <a href="https://github.com/openshift/managed-cluster-config/pull/565#issuecomment-732413828" title="Approved">cblecker</a>, <a href="https://github.com/openshift/managed-cluster-config/pull/565#" title="Author self-approved">fahlmant</a>, <a href="https://github.com/openshift/managed-cluster-config/pull/565#issuecomment-732413911" title="LGTM">rogbas</a>

The full list of commands accepted by this bot can be found here.

The pull request process is described here

<details > Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment </details> <!-- META={"approvers":[]} -->

fahlmant

comment created time in 10 hours

more