Skip to content

KEP-3619: Graduate "Fine-grained SupplementalGroups control" To GA #5613

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

KEP-3619: Graduate "Fine-grained SupplementalGroups control" To GA #5613

wants to merge 8 commits into from
+16 −12

Conversation

everpeace
Copy link
Contributor

  • One-line PR description: This PR updates KEP-3169 to reflect the graduation of the "Fine-grained SupplementalGroups control" feature to General Availability (GA), targeting the v1.35 release.
  • Other comments: This PR also includes
    • some cleanups in the KEP (adjusting GA criteria and other minor adjustments).
    • PRR approval request

/kind documentation
/sig node

/assign @thockin @mrunalp @SergeyKanzhelev @haircommander (as the KEP reviewers)
/assign @johnbelamaric (as PRR approver)

@k8s-ci-robot k8s-ci-robot added kind/documentation Categorizes issue or PR as related to documentation. sig/node Categorizes an issue or PR as relevant to SIG Node. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 4, 2025
@k8s-ci-robot k8s-ci-robot added the kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory label Oct 4, 2025
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: everpeace
Once this PR has been reviewed and has the lgtm label, please assign deads2k, derekwaynecarr for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Oct 4, 2025
everpeace
everpeace commented Oct 4, 2025
View reviewed changes
keps/sig-node/3619-supplemental-groups-policy/README.md
- [conformance tests] are added for `SupplementalGroupsPolicy` and `ContainerStatus.User` APIs

[conformance tests]: https://git.k8s.io/community/contributors/devel/sig-architecture/conformance-tests.md
- No negative user feedback based on production experience, promote after 2 releases in beta.
Copy link
Contributor Author

@everpeace everpeace Oct 4, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated GA criteria in two points:

  • I removed "gVisor.." criteria because it is a low-level container runtime, which is not relevant to the feature. And two major CRI runtimes (containerd, CRI-O) already support this feature. I think it's enough to promote this feature to GA
  • I removed conformance test criteria. IIUC, CRI runtime dependent features can't be added to the conformance test. So, I removed it.

@everpeace everpeace mentioned this pull request Oct 4, 2025
Open
34 tasks
@everpeace
KEP-3619: fix typo: "RutimeClass" -> "RuntimeClass"
e4899fe
@everpeace
KEP-3619: added 'kubelet_admission_rejections_total' as rollback info…
f15edab 
…rmation metric
@everpeace
KEP-3619: update GA criteria
8378701 
- Removing gVisor, Kata Containers criteria because they are low-level container runtime, it's not relevant to this KEP.
- Removing conformance tests criteria because we can't add this currently because this feature is Container Runtime dependent feature.
@everpeace
KEP-3619: added note about this feature can not be disabled after GA
d86a0d9
@everpeace
KEP-3619: set the milestone to GA
bd3d304
@everpeace
KEP-3619: updated PRR approval request file for GA
71dea53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeremyrickard jeremyrickard Awaiting requested review from jeremyrickard

@mrunalp mrunalp Awaiting requested review from mrunalp

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/documentation Categorizes issue or PR as related to documentation. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory sig/node Categorizes an issue or PR as relevant to SIG Node. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@everpeace @k8s-ci-robot