diff --git a/keps/sig-cli/0008-kustomize.md b/keps/sig-cli/2377-Kustomize/README.md similarity index 96% rename from keps/sig-cli/0008-kustomize.md rename to keps/sig-cli/2377-Kustomize/README.md index 0e97e3fc266..af46ded482a 100644 --- a/keps/sig-cli/0008-kustomize.md +++ b/keps/sig-cli/2377-Kustomize/README.md @@ -1,27 +1,3 @@ ---- -title: Kustomize -authors: - - "@pwittrock" - - "@monopole" -owning-sig: sig-cli -participating-sigs: - - sig-cli -reviewers: - - "@droot" -approvers: - - "@soltysh" -editor: "@droot" -creation-date: 2018-05-05 -last-updated: 2019-01-09 -status: implemented -see-also: - - n/a -replaces: - - kinflate # Old name for kustomize -superseded-by: - - "kustomize-subbcommand-integration.md" ---- - # Kustomize ## Table of Contents diff --git a/keps/sig-cli/2377-Kustomize/kep.yaml b/keps/sig-cli/2377-Kustomize/kep.yaml new file mode 100644 index 00000000000..ad46747764e --- /dev/null +++ b/keps/sig-cli/2377-Kustomize/kep.yaml @@ -0,0 +1,22 @@ +title: Kustomize +kep-number: 2377 +authors: + - "@pwittrock" + - "@monopole" +owning-sig: sig-cli +participating-sigs: + - sig-cli +reviewers: + - "@droot" +approvers: + - "@soltysh" +editor: "@droot" +creation-date: 2018-05-05 +last-updated: 2019-01-09 +status: implemented +see-also: + - n/a +replaces: + - kinflate # Old name for kustomize +superseded-by: + - "/keps/sig-cli/2386-kustomize-subcommand-integration/" diff --git a/keps/sig-cli/0024-kubectl-plugins.md b/keps/sig-cli/2379-kubectl-plugins/README.md similarity index 95% rename from keps/sig-cli/0024-kubectl-plugins.md rename to keps/sig-cli/2379-kubectl-plugins/README.md index 1e5c64a6760..a962fd34a01 100644 --- a/keps/sig-cli/0024-kubectl-plugins.md +++ b/keps/sig-cli/2379-kubectl-plugins/README.md 
@@ -1,30 +1,4 @@ ---- -title: Kubectl Plugins -authors: - - "@juanvallejo" -owning-sig: sig-cli -participating-sigs: - - sig-cli -reviewers: - - "@pwittrock" - - "@deads2k" - - "@liggitt" - - "@soltysh" -approvers: - - "@pwittrock" - - "@soltysh" -editor: juanvallejo -creation-date: 2018-07-24 -last-updated: 2010-02-26 -status: implemented -see-also: - - n/a -replaces: - - "https://github.com/kubernetes/community/blob/master/contributors/design-proposals/cli/kubectl-extension.md" - - "https://github.com/kubernetes/community/pull/481" -superseded-by: - - n/a ---- + # Kubectl Plugins diff --git a/keps/sig-cli/2379-kubectl-plugins/kep.yaml b/keps/sig-cli/2379-kubectl-plugins/kep.yaml new file mode 100644 index 00000000000..7b8ee20325e --- /dev/null +++ b/keps/sig-cli/2379-kubectl-plugins/kep.yaml @@ -0,0 +1,26 @@ +title: Kubectl Plugins +kep-number: 2379 +authors: + - "@juanvallejo" +owning-sig: sig-cli +participating-sigs: + - sig-cli +reviewers: + - "@pwittrock" + - "@deads2k" + - "@liggitt" + - "@soltysh" +approvers: + - "@pwittrock" + - "@soltysh" +editor: juanvallejo +creation-date: 2018-07-24 +last-updated: 2010-02-26 +status: implemented +see-also: + - n/a +replaces: + - "https://github.com/kubernetes/community/blob/master/contributors/design-proposals/cli/kubectl-extension.md" + - "https://github.com/kubernetes/community/pull/481" +superseded-by: + - n/a diff --git a/keps/sig-cli/0032-datadrivencommands.md b/keps/sig-cli/2380-data-driven-commands-for-kubectl/README.md similarity index 97% rename from keps/sig-cli/0032-datadrivencommands.md rename to keps/sig-cli/2380-data-driven-commands-for-kubectl/README.md index ff4236218de..fa67494de4b 100644 --- a/keps/sig-cli/0032-datadrivencommands.md +++ b/keps/sig-cli/2380-data-driven-commands-for-kubectl/README.md 
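Review bot: In the new keps/sig-cli/2379-kubectl-plugins/kep.yaml, `last-updated: 2010-02-26` is earlier than `creation-date: 2018-07-24`, so the two dates contradict each other. The value is copied unchanged from the removed front matter, and this migration is a natural place to correct it. The intended date is not visible in this diff, so it should be confirmed from the file history rather than guessed. In the same file `editor: juanvallejo` is the only handle without the quoted `"@..."` form; `editor: "@juanvallejo"` would match the rest.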
@@ -1,23 +1,4 @@ ---- -title: Data Driven Commands for Kubectl -authors: - - "@pwittrock" -owning-sig: sig-cli -participating-sigs: -reviewers: - - "@soltysh" - - "@juanvallejo" - - "@seans3 " -approvers: - - "@soltysh" -editor: TBD -creation-date: 2018-11-13 -last-updated: 2018-11-13 -status: provisional -see-also: -replaces: -superseded-by: ---- + # data driven commands @@ -313,7 +294,7 @@ type Command struct { Deprecated string `json:"deprecated,omitempty"` // Flags are the command line flags. - // + // // Flags are used by the client to expose command line flags to users and populate the Request go-templates // with the user provided values. // diff --git a/keps/sig-cli/2380-data-driven-commands-for-kubectl/kep.yaml b/keps/sig-cli/2380-data-driven-commands-for-kubectl/kep.yaml new file mode 100644 index 00000000000..c64ccb49d01 --- /dev/null +++ b/keps/sig-cli/2380-data-driven-commands-for-kubectl/kep.yaml @@ -0,0 +1,19 @@ +title: Data Driven Commands for Kubectl +kep-number: 2380 +authors: + - "@pwittrock" +owning-sig: sig-cli +participating-sigs: +reviewers: + - "@soltysh" + - "@juanvallejo" + - "@seans3 " +approvers: + - "@soltysh" +editor: TBD +creation-date: 2018-11-13 +last-updated: 2018-11-13 +status: provisional +see-also: +replaces: +superseded-by: diff --git a/keps/sig-cli/20190920-future-of-kubectl-cp.md b/keps/sig-cli/2381-future-of-kubectl-cp/README.md similarity index 88% rename from keps/sig-cli/20190920-future-of-kubectl-cp.md rename to keps/sig-cli/2381-future-of-kubectl-cp/README.md index 3fac492fd79..79ae5442057 100644 --- a/keps/sig-cli/20190920-future-of-kubectl-cp.md +++ b/keps/sig-cli/2381-future-of-kubectl-cp/README.md 
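Review bot: The reviewer entry `- "@seans3 "` in the new keps/sig-cli/2380-data-driven-commands-for-kubectl/kep.yaml keeps a trailing space inside the quotes, so it is not the same string as the `"@seans3"` used in the other kep.yaml files added by this commit. Tooling that compares handles exactly would presumably treat it as a different reviewer; `- "@seans3"` fixes it. The keys left empty in this file (`participating-sigs:`, `see-also:`, `replaces:`, `superseded-by:`) parse as null rather than as an empty list, which is worth checking against whatever validates kep.yaml.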
@@ -1,22 +1,3 @@ ---- -title: future-of-kubectl-cp -authors: - - "@sallyom" -owning-sig: sig-cli -participating-sigs: - - sig-usability -reviewers: - - "@liggitt" - - "@brendandburns" -approvers: - - "@pwittrock" - - "@soltysh" -editor: TBD -creation-date: 2019-09-20 -last-updated: 2019-09-20 -status: provisional ---- - # future-of-kubectl-cp ## Table of Contents @@ -60,11 +41,11 @@ status: provisional ## Summary -This document summarizes and originates from this email thread, -[Proposal to drop kubectl cp](https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/kubernetes-sig-cli/_zUy67lK49k/aE6vncYiAgAJ). +This document summarizes and originates from this email thread, +[Proposal to drop kubectl cp](https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/kubernetes-sig-cli/_zUy67lK49k/aE6vncYiAgAJ). This document aims to solidify the future of `kubectl cp` as a tool that provides basic function of copying files between local environments and pods. Any advanced use cases -such as those involving symlinks or modifying file permissions should be performed outside of `kubectl cp` through `kubectl exec`, addons, or shell commands. +such as those involving symlinks or modifying file permissions should be performed outside of `kubectl cp` through `kubectl exec`, addons, or shell commands. Over the past few releases, there have been numerous security issues with `kubectl cp` that have resulted in release updates in all supported versions of kubectl. At the same time,any new PR that extends `kubectl cp` must undergo extra reviews to evaluate security threats that may arise [1][2]. Over the past few months, 
@@ -72,14 +53,14 @@ security fixes have required dropping edge cases and function of the command. I useful and secure. There are alternative approaches that provide the same function as `kubectl cp` [3]. Using `kubectl exec ...| tar` provides transparency when copying files as well as mitigations for path traversals, symlink directory escapes, tar bombs, and other exploits. Use of tar is more featureful, in that it can preserve file permissions and copy pod-to-pod. Also, `kubectl cp` is dependent on the tar binary -in a container. A malicious tar binary is outside of what `kubectl cp` can control. +in a container. A malicious tar binary is outside of what `kubectl cp` can control. -With all of this in mind the cost and risk of maintaining the cp command should be weighed against what is considered crucial functionality in kubectl. -It's better to address 80% of use cases with a simple tool than trying to address the remaining 20% at the cost of risking those 80%. +With all of this in mind the cost and risk of maintaining the cp command should be weighed against what is considered crucial functionality in kubectl. +It's better to address 80% of use cases with a simple tool than trying to address the remaining 20% at the cost of risking those 80%. -[1] https://github.com/kubernetes/kubernetes/pull/78622 -[2] https://github.com/kubernetes/kubernetes/pull/73053 -[3] https://gist.github.com/tallclair/9217e2694b5fdf27b55d6bd1fda01b53 +[1] https://github.com/kubernetes/kubernetes/pull/78622 +[2] https://github.com/kubernetes/kubernetes/pull/73053 +[3] https://gist.github.com/tallclair/9217e2694b5fdf27b55d6bd1fda01b53 ## Motivation 
@@ -88,10 +69,10 @@ It's better to address 80% of use cases with a simple tool than trying to addres * [CVE-2019-1002101](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1002101) * [CVE-2019-11246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11246) * [CVE-2019-11249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11249) -- To use `kubectl cp`, container images are required to have the tar binary. `kubectl cp` is not available when running containers from the minimal [scratch image](https://hub.docker.com/_/scratch/). - Running from scratch is by itself a tactic to securing containers, as it encourages the best practice of limiting the tools packaged in an image to only what's required by a workload. +- To use `kubectl cp`, container images are required to have the tar binary. `kubectl cp` is not available when running containers from the minimal [scratch image](https://hub.docker.com/_/scratch/). + Running from scratch is by itself a tactic to securing containers, as it encourages the best practice of limiting the tools packaged in an image to only what's required by a workload. -This proposal is that `kubectl cp` should perform only basic copying of files. Advanced features of file copying should be out of scope for `kubectl cp`. +This proposal is that `kubectl cp` should perform only basic copying of files. Advanced features of file copying should be out of scope for `kubectl cp`. ### Goals for kubectl cp 
@@ -103,18 +84,18 @@ This proposal is that `kubectl cp` should perform only basic copying of files. ### Non-Goals For either of these, a separate proposal weighing the cost/benefit would be required. These are out of scope of this proposal to simplify `kubectl cp`: -- Rewrite `kubectl cp` to not use tar, by modifying CRI as outlined partially [here](https://github.com/kubernetes/kubernetes/issues/58512). +- Rewrite `kubectl cp` to not use tar, by modifying CRI as outlined partially [here](https://github.com/kubernetes/kubernetes/issues/58512). - Rewrite `kubectl cp` to be functional in scratch based containers through use of ephemeral containers as outlined [here](https://github.com/kubernetes/kubernetes/issues/58512#issuecomment-528384746) ## Proposal - `kubectl cp` should provide simple function of copying single file or directory between local environments and pods. -- Identify and document `kubectl exec` commands to address more advanced options for copying files. +- Identify and document `kubectl exec` commands to address more advanced options for copying files. - Provide users attempting to use `kubectl cp + symlinks/etc` with output showing comparable `kubectl exec ...| tar` cmds. -- It is up for a decision in this proposal whether the community prefers to implement the `shelling out to tar from within kubectl cp` -or leave as suggestions in error output. -- Barring decision of the above, only the user stories listed below should be supported by `kubectl cp`. If additional user stories are added via shelling out to tar from kubectl, - those will be outlined below. +- It is up for a decision in this proposal whether the community prefers to implement the `shelling out to tar from within kubectl cp` +or leave as suggestions in error output. +- Barring decision of the above, only the user stories listed below should be supported by `kubectl cp`. If additional user stories are added via shelling out to tar from kubectl, + those will be outlined below. 
### User Stories @@ -138,7 +119,7 @@ or leave as suggestions in error output. ### Risks and Mitigations Any scripts or automation that currently rely on advanced features of `kubectl cp` will be broken. -To mitigate, detailed information about why the command now fails as well as example `kubectl exec ...| tar` alternatives will be output. +To mitigate, detailed information about why the command now fails as well as example `kubectl exec ...| tar` alternatives will be output. ## Design Details @@ -152,8 +133,8 @@ Ensure that failure includes example alternative approach, plus information abou ### Upgrade / Downgrade Strategy `kubectl cp` function removed as a result of a CVE fix or other will be documented clearly. -Information about why subcommand/option is no longer supported, what files are skipped, and also alternative `kubectl exec ...| tar` commands -will be included in failed command output. This output will then always be given (not just for a deprecation period). +Information about why subcommand/option is no longer supported, what files are skipped, and also alternative `kubectl exec ...| tar` commands +will be included in failed command output. This output will then always be given (not just for a deprecation period). ### Version Skew Strategy @@ -162,4 +143,4 @@ will be included in failed command output. This output will then always be give ## Drawbacks Automation scripts that include `kubectl cp` will be broken if options and features are removed from the command. -The motivation of improving security is weighed against this potential drawback. +The motivation of improving security is weighed against this potential drawback. diff --git a/keps/sig-cli/2381-future-of-kubectl-cp/kep.yaml b/keps/sig-cli/2381-future-of-kubectl-cp/kep.yaml new file mode 100644 index 00000000000..ff0bb77381e --- /dev/null +++ b/keps/sig-cli/2381-future-of-kubectl-cp/kep.yaml 
@@ -0,0 +1,17 @@ +title: future-of-kubectl-cp +kep-number: 2381 +authors: + - "@sallyom" +owning-sig: sig-cli +participating-sigs: + - sig-usability +reviewers: + - "@liggitt" + - "@brendandburns" +approvers: + - "@pwittrock" + - "@soltysh" +editor: TBD +creation-date: 2019-09-20 +last-updated: 2019-09-20 +status: provisional diff --git a/keps/sig-cli/kustomize-exec-secret-generator.md b/keps/sig-cli/2382-kustomize-exec-secret-generator/README.md similarity index 95% rename from keps/sig-cli/kustomize-exec-secret-generator.md rename to keps/sig-cli/2382-kustomize-exec-secret-generator/README.md index d9808011ebf..45c2241cb7f 100644 --- a/keps/sig-cli/kustomize-exec-secret-generator.md +++ b/keps/sig-cli/2382-kustomize-exec-secret-generator/README.md @@ -1,22 +1,3 @@ ---- -title: Kustomize Exec Secret Generator -authors: - - "@pwittrock" -owning-sig: sig-cli -participating-sigs: -reviewers: - - "@anguslees" - - "@Liujingfang1" - - "@sethpollack" -approvers: - - "@monopole" -editor: "@pwittrock" -creation-date: 2019-03-12 -last-updated: 2019-03-12 -status: implementable -see-also: - - "https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/kustomize-secret-generator-plugins.md" ---- # Kustomize Exec Secret Generator @@ -95,7 +76,7 @@ expected to want to be able to invoke the tools they already use for addressing ### Goals - Enable users to generate Secrets using the tools they already use to do so -- Secure by default - Alice must configure her environment in an insecure manner and run the command in an +- Secure by default - Alice must configure her environment in an insecure manner and run the command in an insecure way for it to be exploitable - Support Linux / Mac / Windows OS's diff --git a/keps/sig-cli/2382-kustomize-exec-secret-generator/kep.yaml b/keps/sig-cli/2382-kustomize-exec-secret-generator/kep.yaml new file mode 100644 index 00000000000..273f6c8b58d --- /dev/null +++ b/keps/sig-cli/2382-kustomize-exec-secret-generator/kep.yaml 
@@ -0,0 +1,18 @@ +title: Kustomize Exec Secret Generator +kep-number: 2382 +authors: + - "@pwittrock" +owning-sig: sig-cli +participating-sigs: +reviewers: + - "@anguslees" + - "@Liujingfang1" + - "@sethpollack" +approvers: + - "@monopole" +editor: "@pwittrock" +creation-date: 2019-03-12 +last-updated: 2019-03-12 +status: implementable +see-also: + - "/keps/sig-cli/2385-kustomize-secret-generator-plugins/" diff --git a/keps/sig-cli/kustomize-extend-patch.md b/keps/sig-cli/2383-extend-kustomize-patches-to-multiple-targets/README.md similarity index 92% rename from keps/sig-cli/kustomize-extend-patch.md rename to keps/sig-cli/2383-extend-kustomize-patches-to-multiple-targets/README.md index ad35ee80156..83f6052289e 100644 --- a/keps/sig-cli/kustomize-extend-patch.md +++ b/keps/sig-cli/2383-extend-kustomize-patches-to-multiple-targets/README.md @@ -1,24 +1,3 @@ ---- -title: Extend Kustomize Patches to Multiple Targets -authors: - - "@Liujingfang1" -owning-sig: sig-cli -participating-sigs: - - sig-apps -reviewers: - - "@pwittrock" - - "@mengqiy" -approvers: - - "@monopole" -editor: "@Liujingfang1" -creation-date: 2019-03-14 -last-updated: 2019-03-18 -status: implementable -see-also: -replaces: -superseded-by: - - n/a ---- # Extend Kustomize Patches to Multiple Targets 
@@ -65,7 +44,7 @@ Both types need group, version, kind and name(GVKN) of a Kubernetes resource to the unique target to perform the patching. In strategic merge patch, GVKN is included in the patch itself. In JSON patch, the GVKN is specified in `kustomization.yaml`. -There have been [requests](https://github.com/kubernetes-sigs/kustomize/issues/720) for patching multiple targets by one patch for different purposes: +There have been [requests](https://github.com/kubernetes-sigs/kustomize/issues/720) for patching multiple targets by one patch for different purposes: - override one field for all objects of one type - add or remove common command arguments for all containers - inject a [sidecar proxy](https://istio.io/docs/setup/kubernetes/sidecar-injection/) as in istio to all containers diff --git a/keps/sig-cli/2383-extend-kustomize-patches-to-multiple-targets/kep.yaml b/keps/sig-cli/2383-extend-kustomize-patches-to-multiple-targets/kep.yaml new file mode 100644 index 00000000000..d32ed8158d3 --- /dev/null +++ b/keps/sig-cli/2383-extend-kustomize-patches-to-multiple-targets/kep.yaml @@ -0,0 +1,20 @@ +title: Extend Kustomize Patches to Multiple Targets +kep-number: 2383 +authors: + - "@Liujingfang1" +owning-sig: sig-cli +participating-sigs: + - sig-apps +reviewers: + - "@pwittrock" + - "@mengqiy" +approvers: + - "@monopole" +editor: "@Liujingfang1" +creation-date: 2019-03-14 +last-updated: 2019-03-18 +status: implementable +see-also: +replaces: +superseded-by: + - n/a diff --git a/keps/sig-cli/kustomize-file-processing-integration.md b/keps/sig-cli/2384-kustomize-file-processing-integration/README.md similarity index 91% rename from keps/sig-cli/kustomize-file-processing-integration.md rename to keps/sig-cli/2384-kustomize-file-processing-integration/README.md index 50e3d810563..7a4c14d3b1b 100644 --- a/keps/sig-cli/kustomize-file-processing-integration.md +++ b/keps/sig-cli/2384-kustomize-file-processing-integration/README.md 
@@ -1,30 +1,7 @@ ---- -title: Kustomize File Processing Integration -authors: - - "@pwittrock" -owning-sig: sig-cli -participating-sigs: - - sig-cli -reviewers: - - "@liggitt" - - "@seans3" - - "@soltysh" - - "@monopole" -approvers: - - "@liggitt" - - "@seans3" - - "@soltysh" - - "@monopole" -editor: "@pwittrock" -creation-date: 2019-01-17 -last-updated: 2019-03-18 -status: implemented -see-also: - - "kustomize-subcommand-integration.md" -replaces: -superseded-by: - - n/a ---- + + +[execRemoval]: https://github.com/kubernetes-sigs/kustomize/issues/692 + # Kustomize File Processing Integration @@ -50,9 +27,9 @@ superseded-by: ## Summary -This is a follow up to [KEP Kustomize Subcommand Integration](kustomize-subcommand-integration.md) +This is a follow up to [KEP Kustomize Subcommand Integration](/keps/sig-cli/2386-kustomize-subcommand-integration/) -[Kustomize](https://github.com/kubernetes-sigs/kustomize) was introduced as +[Kustomize](https://github.com/kubernetes-sigs/kustomize) was introduced as subcommand of kubectl to allow users to build their kustomizations directly. However users need to pipe the kustomize output to other commands in order to use the kustomizations. @@ -125,7 +102,7 @@ Graduation criteria for the `-k, --kustomize` flag - Specifying it along with `-f` (separately)? - If / when available, gather usage metrics of the `-k` flag in kubectl commands to evaluate adoption - Gather feedback on overall flag experience from users (issues, slack, outreach, etc) -- Should we add in-kubectl documentation for kustomization format? - e.g. `kubectl kustomize --help` would +- Should we add in-kubectl documentation for kustomization format? - e.g. `kubectl kustomize --help` would give information about the kustomization.yaml format ### Implement 
@@ -140,7 +117,7 @@ Graduation criteria for the `-k, --kustomize` flag - update kubectl docs on k8s.io that use `-n` to set namespace for apply to also show `kustomization.yaml` - update imperative kubectl docs on k8s.io that set namespaces, labels, annotations to also show the declarative approach using kustomize - + - Update cobra (e.g. `--help`) examples for apply, delete, get, etc to include the `-k` flag. - Update cobra docs for `-n` flag with apply to suggest using a declarative kustomization.yaml instead - Update cobra examples for imperative set, create commands that can be generated to call out the declarative diff --git a/keps/sig-cli/2384-kustomize-file-processing-integration/kep.yaml b/keps/sig-cli/2384-kustomize-file-processing-integration/kep.yaml new file mode 100644 index 00000000000..ef41765e18d --- /dev/null +++ b/keps/sig-cli/2384-kustomize-file-processing-integration/kep.yaml @@ -0,0 +1,26 @@ +title: Kustomize File Processing Integration +kep-number: 2384 +authors: + - "@pwittrock" +owning-sig: sig-cli +participating-sigs: + - sig-cli +reviewers: + - "@liggitt" + - "@seans3" + - "@soltysh" + - "@monopole" +approvers: + - "@liggitt" + - "@seans3" + - "@soltysh" + - "@monopole" +editor: "@pwittrock" +creation-date: 2019-01-17 +last-updated: 2019-03-18 +status: implemented +see-also: + - "/keps/sig-cli/2386-kustomize-subcommand-integration/" +replaces: +superseded-by: + - n/a diff --git a/keps/sig-cli/kustomize-secret-generator-plugins.md b/keps/sig-cli/2385-kustomize-secret-generator-plugins/README.md similarity index 96% rename from keps/sig-cli/kustomize-secret-generator-plugins.md rename to keps/sig-cli/2385-kustomize-secret-generator-plugins/README.md index db0ee55f838..42cfc8bebf4 100644 --- a/keps/sig-cli/kustomize-secret-generator-plugins.md +++ b/keps/sig-cli/2385-kustomize-secret-generator-plugins/README.md 
@@ -1,26 +1,3 @@ ---- -title: Kustomize Secret Generator Plugins -authors: - - "@sethpollack" -owning-sig: sig-cli -participating-sigs: - - sig-apps - - sig-architecture -reviewers: - - "@monopole" - - "@Liujingfang1" -approvers: - - "@monopole" - - "@Liujingfang1" - - "@pwittrock" -editor: "@sethpollack" -creation-date: 2019-02-04 -last-updated: 2019-02-04 -status: implementable ---- - -[execRemoval]: https://github.com/kubernetes-sigs/kustomize/issues/692 - # Kustomize Secret K:V Generator Plugins ## Table of Contents @@ -84,13 +61,13 @@ workarounds. - The specification will allow for any number of plugin types, and any number of instances of those types. - + - The first type supported will be [goplugins](https://golang.org/pkg/plugin), to enable kustomize source code contributors to add custom KV generators without the need to maintain a kustomize source code fork. - + Kustomize maintainers expect developers who use a goplugin to understand that a kustomize binary and any goplugins expected to work with it must be @@ -417,7 +394,7 @@ convert to the new `builtin` form to access these KV sources. ## Graduation Criteria of plugin framework -### Alpha status +### Alpha status The kustomization fields that support a general plugin framework (which could support many kinds of plugins in @@ -437,7 +414,7 @@ in CONTRIBUTING.md. we'd like to see development of an exec-style plugin targeted to end users before deciding to graduate the framework to beta/GA. - + For goplugins themselves to reach beta/GA, we'd like exec-style based plugin implemented and still see some preference for the Go based approach. 
@@ -446,7 +423,7 @@ in CONTRIBUTING.md. * High level feature test (like those in [pkg/target](https://github.com/kubernetes-sigs/kustomize/tree/master/api/internal/target)) - * Field documentarion in the + * Field documentarion in the [canonical example file](https://github.com/kubernetes-sigs/kustomize/blob/master/examples/helloWorld/kustomization.yaml) * Usage [examples](https://github.com/kubernetes-sigs/kustomize/tree/master/examples). diff --git a/keps/sig-cli/2385-kustomize-secret-generator-plugins/kep.yaml b/keps/sig-cli/2385-kustomize-secret-generator-plugins/kep.yaml new file mode 100644 index 00000000000..f3ce2847ecc --- /dev/null +++ b/keps/sig-cli/2385-kustomize-secret-generator-plugins/kep.yaml @@ -0,0 +1,19 @@ +title: Kustomize Secret Generator Plugins +kep-number: 2385 +authors: + - "@sethpollack" +owning-sig: sig-cli +participating-sigs: + - sig-apps + - sig-architecture +reviewers: + - "@monopole" + - "@Liujingfang1" +approvers: + - "@monopole" + - "@Liujingfang1" + - "@pwittrock" +editor: "@sethpollack" +creation-date: 2019-02-04 +last-updated: 2019-02-04 +status: implementable diff --git a/keps/sig-cli/kustomize-subcommand-integration.md b/keps/sig-cli/2386-kustomize-subcommand-integration/README.md similarity index 95% rename from keps/sig-cli/kustomize-subcommand-integration.md rename to keps/sig-cli/2386-kustomize-subcommand-integration/README.md index 7468d17163c..f049fa38abb 100644 --- a/keps/sig-cli/kustomize-subcommand-integration.md +++ b/keps/sig-cli/2386-kustomize-subcommand-integration/README.md 
@@ -1,30 +1,4 @@ ---- -title: Kustomize Subcommand Integration -authors: - - "@Liujingfang1" -owning-sig: sig-cli -participating-sigs: - - sig-cli -reviewers: - - "@liggitt" - - "@seans3" - - "@soltysh" -approvers: - - "@liggitt" - - "@seans3" - - "@soltysh" -editor: "@pwittrock" -creation-date: 2018-11-07 -last-updated: 2019-02-15 -status: implemented -see-also: - - "[kustomize](https://github.com/kubernetes-sigs/kustomize/blob/master/docs/workflows.md)" - - "kustomize-file-processing-integration.md" -replaces: - - "0008-kustomize.md" -superseded-by: - - n/a ---- + # Kustomize Subcommand Integration @@ -68,14 +42,14 @@ It is independent of, but complementary to, the [*server-side apply*](https://gi initiative that was started later and targeted at a separate collection of `kubectl apply` issues. -Kustomize offers generators and transformations in a declarative form that +Kustomize offers generators and transformations in a declarative form that improve on functionality provided by existing imperative commands in kubectl. The declarative approach offers a clear path to accountability (all input can be kept in version control), can safely exploit a holistic, unbounded view of -disparate resources and their interdependence (it's a plan about what to do, -not a direct action), and can be easily constrained to verifiable rules -across this view (all edits must be structured, no removal semantics, no +disparate resources and their interdependence (it's a plan about what to do, +not a direct action), and can be easily constrained to verifiable rules +across this view (all edits must be structured, no removal semantics, no environment side-effects, etc.). Imperative kubectl commands / flags available through kustomize: 
@@ -186,13 +160,13 @@ User friction solved through capabilities such as: Kustomize Standalone Sub Command -Publish the `kustomize build` command as `kubectl kustomize`. Update +Publish the `kustomize build` command as `kubectl kustomize`. Update documentation to demonstrate using kustomize as `kubectl kustomize | kubectl apply -f -`. `kubectl kustomize` takes a single argument with is the location of a directory containing a file named `kustomization.yaml` and writes to stdout the kustomized Resource Config. -If the directory does not contain a `kustomization.yaml` file, it returns an +If the directory does not contain a `kustomization.yaml` file, it returns an error. Defer deeper integration into ResourceBuilder (e.g. `kubectl apply -k `) as a follow up after discussing @@ -242,7 +216,7 @@ commonAnnotations: configMapGenerator: - name: myJavaServerEnvVars - literals: + literals: - JAVA_HOME=/opt/java/jdk - JAVA_TOOL_OPTIONS=-agentlib:hprof @@ -301,7 +275,7 @@ Low: - Kustomize has other porcelain commands to facilitate common workflows. This proposal does not include integrating them into kubectl. Users would need to download kustomize separate to get these benefits. - + Low: - `kubectl kustomize ` doesn't take a `-f` flag like the other commands. @@ -334,9 +308,9 @@ Most implementation will be in cli-runtime - [ ] vendor `kustomize/pkg` into kubernetes - [ ] copy `kustomize/k8sdeps` into cli-runtime - - Once cli-runtime is out of k/k, move the kustomize libraries there (but + - Once cli-runtime is out of k/k, move the kustomize libraries there (but not the commands) -- [ ] Implement a function in cli-runtime to run kustomize build with input as fSys and/or path. +- [ ] Implement a function in cli-runtime to run kustomize build with input as fSys and/or path. - execute kustomize build to get a list of resources - write the output to io.Writer - [ ] Add a subcommand `kustomize` in kubectl. This command accepts one argument and write the output to stdout 
@@ -344,7 +318,7 @@ Most implementation will be in cli-runtime - [ ] documentation: - Write full doc for `kubectl kustomize` - Update the examples in kubectl apply/delete to include the usage of kustomize - + ## Alternatives The approaches in this section are considered, but rejected. @@ -368,7 +342,7 @@ kubernetes/staging and move to this as the source of truth. - Cons - It leaves long standing issues in kubectl unaddressed within the tool itself. - It does not support any deeper integrations - such as giving error messages with meaningful line numbers. - + ### Build a separate tools targeted at Kubernetes declarative workflows. Copy the declarative code from kubectl into a new tool. Use this for declarative workflows. @@ -384,4 +358,4 @@ Questions: - Cons - Not clear how this helps users - Does't address distribution problems - - User friction around duplication of functionality or remove of functionality \ No newline at end of file + - User friction around duplication of functionality or remove of functionality diff --git a/keps/sig-cli/2386-kustomize-subcommand-integration/kep.yaml b/keps/sig-cli/2386-kustomize-subcommand-integration/kep.yaml new file mode 100644 index 00000000000..f8bf17026ab --- /dev/null +++ b/keps/sig-cli/2386-kustomize-subcommand-integration/kep.yaml @@ -0,0 +1,26 @@ +title: Kustomize Subcommand Integration +kep-number: 2386 +authors: + - "@Liujingfang1" +owning-sig: sig-cli +participating-sigs: + - sig-cli +reviewers: + - "@liggitt" + - "@seans3" + - "@soltysh" +approvers: + - "@liggitt" + - "@seans3" + - "@soltysh" +editor: "@pwittrock" +creation-date: 2018-11-07 +last-updated: 2019-02-15 +status: implemented +see-also: + - "[kustomize](https://github.com/kubernetes-sigs/kustomize/blob/master/docs/workflows.md)" + - "/keps/sig-cli/2384-kustomize-file-processing-integration/" +replaces: + - "0008-kustomize.md" +superseded-by: + - n/a
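Review bot: In the new keps/sig-cli/2386-kustomize-subcommand-integration/kep.yaml, `replaces:` still lists `- "0008-kustomize.md"`, a path this same commit renames to keps/sig-cli/2377-Kustomize/README.md. The other cross-references touched here were moved to the directory form, for example `"/keps/sig-cli/2384-kustomize-file-processing-integration/"` two lines above, so this entry is left dangling and inconsistent with them. `- "/keps/sig-cli/2377-Kustomize/"` would follow the same convention and match the `superseded-by` entry that 2377's kep.yaml points back with.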