Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Removal of the SecurityContextDeny admission plugin #3785

Closed
mtardy opened this issue Jan 26, 2023 · 5 comments
Closed

Removal of the SecurityContextDeny admission plugin #3785

mtardy opened this issue Jan 26, 2023 · 5 comments
Labels
sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/security Categorizes an issue or PR as relevant to SIG Security.

Comments

@mtardy
Copy link
Member

mtardy commented Jan 26, 2023

Enhancement Description

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

Footnotes

  1. SecurityContextDeny admission plugin predates KEP. And it has been discussed that it's not worth writing retroactive KEP. Nevertheless, I was suggested by a sig-release person to create an issue here to get a tracking number in order to make it easier for them to follow the advancement.

@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jan 26, 2023
@mtardy
Copy link
Member Author

mtardy commented Jan 26, 2023

/sig security
/sig auth

@k8s-ci-robot k8s-ci-robot added sig/security Categorizes an issue or PR as relevant to SIG Security. sig/auth Categorizes an issue or PR as relevant to SIG Auth. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jan 26, 2023
@enj
Copy link
Member

enj commented Feb 6, 2023

@mtardy are we targeting v1.27 for this?

@enj
Copy link
Member

enj commented Feb 6, 2023

Actually per kubernetes/kubernetes#111516 (comment) I do not think this needs a KEP.

@enj enj closed this as completed Feb 6, 2023
@mtardy
Copy link
Member Author

mtardy commented Feb 6, 2023

Actually per kubernetes/kubernetes#111516 (comment) I do not think this needs a KEP.

Yes but @gracenng suggested to me that having a KEP number, not a whole KEP would be actually useful for the release team.

@mtardy
Copy link
Member Author

mtardy commented Feb 6, 2023

@mtardy are we targeting v1.27 for this?

Maybe it would be more reasonable to have the first two items from here kubernetes/kubernetes#111516 for v1.27 which were doc update (already merged) and then a warning from the API server when using the plugin, or just creating a Pod when the plugin is enabled (to be merged).

And remove the thing for real in the next releases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/security Categorizes an issue or PR as relevant to SIG Security.
Projects
SIG Auth
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@enj @mtardy @k8s-ci-robot