
Seccomp

Description

Seccomp support is providing the ability to define seccomp profiles and configure pods to run with those profiles. This includes the ability to control usage of the profiles via PSP as well as maintaining the ability to run as unconfined or with the default container runtime profile.

KEP: sig-node/20190717-seccomp-ga.md

Latest PR to update the KEP: #1747

Progress Tracker

  • [x] Alpha
    • [ ] Write and maintain draft quality doc: available in downstream OpenShift https://github.com/openshift/openshift-docs/pull/2975
    • [ ] Design Approval
      • [x] Design Proposal #24602
      • [x] Decide which repo this feature's code will be checked into. Not everything needs to land in the core kubernetes repo. REPO-NAME
      • [x] Initial API review (if API). Maybe same PR as design doc. https://github.com/kubernetes/kubernetes/pull/24602
        • Any code that changes an API (/pkg/apis/...)
        • cc @kubernetes/api
      • [ ] Identify shepherd (your SIG lead and/or kubernetes-pm@googlegroups.com will be able to help you). My Shepherd is: replace.me@replaceme.com (and/or GH Handle)
        • A shepherd is an individual who will help acquaint you with the process of getting your feature into the repo, identify reviewers and provide feedback on the feature. They are not (necessarily) the code reviewer of the feature, or tech lead for the area.
        • The shepherd is not responsible for showing up to Kubernetes-PM meetings and/or communicating if the feature is on-track to make the release goals. That is still your responsibility.
      • [ ] Identify secondary/backup contact point. My Secondary Contact Point is: replace.me@replaceme.com (and/or GH Handle)
    • [ ] Write (code + tests + docs) then get them merged. https://github.com/kubernetes/kubernetes/pull/25324 https://github.com/kubernetes/kubernetes/pull/26710 https://github.com/kubernetes/kubernetes/pull/27036
      • [ ] Code needs to be disabled by default. Verified by code OWNERS
      • [x] Minimal testing: limited e2e tests https://github.com/kubernetes/kubernetes/blob/33ebe1f18b9cf5909931376f656e19e80ac9ac1c/test/e2e/security_context.go#L110
      • [ ] Minimal docs
        • cc @kubernetes/docs on docs PR
        • cc @kubernetes/feature-reviewers on this issue to get approval before checking this off
        • New apis: Glossary Section Item in the docs repo: kubernetes/kubernetes.github.io
      • [x] Update release notes https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md/#changes-since-v130-alpha4
  • [ ] Beta
    • [ ] Testing is sufficient for beta
    • [ ] User docs with tutorials
      • Updated walkthrough / tutorial in the docs repo: kubernetes/kubernetes.github.io
      • cc @kubernetes/docs on docs PR
      • cc @kubernetes/feature-reviewers on this issue to get approval before checking this off
    • [ ] Thorough API review
      • cc @kubernetes/api
  • [ ] Stable
    • [ ] docs/proposals/foo.md moved to docs/design/foo.md
      • cc @kubernetes/feature-reviewers on this issue to get approval before checking this off
    • [ ] Soak, load testing
    • [ ] detailed user docs and examples
      • cc @kubernetes/docs
      • cc @kubernetes/feature-reviewers on this issue to get approval before checking this off

FEATURE_STATUS is used for feature tracking and to be updated by @kubernetes/feature-reviewers. FEATURE_STATUS: IN_DEVELOPMENT

More advice:

Design

  • Once you get LGTM from a @kubernetes/feature-reviewers member, you can check this checkbox, and the reviewer will apply the "design-complete" label.

Coding

  • Use as many PRs as you need. Write tests in the same or different PRs, as is convenient for you.
  • As each PR is merged, add a comment to this issue referencing the PRs. Code goes in the http://github.com/kubernetes/kubernetes repository, and sometimes http://github.com/kubernetes/contrib, or other repos.
  • When you are done with the code, apply the "code-complete" label.
  • When the feature has user docs, please add a comment mentioning @kubernetes/feature-reviewers and they will check that the code matches the proposed feature and design, and that everything is done, and that there is adequate testing. They won't do detailed code review: that already happened when your PRs were reviewed. When that is done, you can check this box and the reviewer will apply the "code-complete" label.

Docs

  • [ ] Write user docs and get them merged in.
  • User docs go into http://github.com/kubernetes/kubernetes.github.io.
  • When the feature has user docs, please add a comment mentioning @kubernetes/docs.
  • When you get LGTM, you can check this checkbox, and the reviewer will apply the "docs-complete" label.
kubernetes/enhancements

palnabarun

@pjbgf -- Can you please link to all the implementation PRs here - k/k or otherwise? :slightly_smiling_face:


The current release schedule is:

  • ~Monday, April 13: Week 1 - Release cycle begins~
  • ~Tuesday, May 19: Week 6 - Enhancements Freeze~
  • Thursday, June 25: Week 11 - Code Freeze
  • Thursday, July 9: Week 14 - Docs must be completed and reviewed
  • Tuesday, August 4: Week 17 - Kubernetes v1.19.0 released