cpu: re-organize security features #833
Move existing security/trusted-execution related features (i.e. SGX and SE) under the same "security" feature, deprecating the old features. The motivation for the change is to keep the source code and user interface more organized as we experience a constant inflow of similar security related features. This change will affect the user interface so it is less painful to do it early on.

New feature labels will be:

    feature.node.kubernetes.io/cpu-security.se.enabled
    feature.node.kubernetes.io/cpu-security.sgx.enabled

and correspondingly new "cpu.security" feature with "se.enabled" and "sgx.enabled" elements will be available for custom rules, for example:

    - name: "sample sgx rule"
      labels:
        sgx.sample.feature: "true"
      matchFeatures:
        - feature: cpu.security
          matchExpressions:
            "sgx.enabled": {op: IsTrue}

At the same time deprecate old labels "cpu-sgx.enabled" and "cpu-se.enabled" feature labels and the corresponding features for custom rules. These will be removed in the future causing an effective change in NFD's user interface.
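A migration check for the label rename described in the PR description above, as an added example that is not part of the PR or of NFD's own code: it scans pod specs for node selectors and node affinity terms that still key on the deprecated labels. The function names and sample pod specs are constructed for illustration, and the full old label keys assume the same `feature.node.kubernetes.io/` prefix as the new ones.

```python
PREFIX = "feature.node.kubernetes.io/"
# Deprecated label key -> replacement, per the PR description.
RENAMED = {
    PREFIX + "cpu-sgx.enabled": PREFIX + "cpu-security.sgx.enabled",
    PREFIX + "cpu-se.enabled": PREFIX + "cpu-security.se.enabled",
}
REQ = "requiredDuringSchedulingIgnoredDuringExecution"
PREF = "preferredDuringSchedulingIgnoredDuringExecution"


def selector_keys(spec):
    """Yield (kind, label_key) for every node label a pod spec selects on.

    kind is "required" for hard constraints and "preferred" for soft ones.
    """
    for key in spec.get("nodeSelector") or {}:
        yield "required", key
    aff = (spec.get("affinity") or {}).get("nodeAffinity") or {}
    terms = [("required", t) for t in (aff.get(REQ) or {}).get("nodeSelectorTerms", [])]
    terms += [("preferred", p.get("preference", {})) for p in aff.get(PREF) or []]
    for kind, term in terms:
        for expr in term.get("matchExpressions", []):
            yield kind, expr["key"]


def find_deprecated(workloads):
    """Return sorted (workload, kind, old_key, new_key) for deprecated labels."""
    findings = []
    for name, spec in workloads.items():
        for kind, key in selector_keys(spec):
            if key in RENAMED:
                findings.append((name, kind, key, RENAMED[key]))
    return sorted(findings)


# Constructed sample pod specs (hypothetical workload names).
SAMPLE = {
    "enclave-signer": {"nodeSelector": {PREFIX + "cpu-sgx.enabled": "true"}},
    "attest-proxy": {"affinity": {"nodeAffinity": {PREF: [{"weight": 1, "preference": {
        "matchExpressions": [{"key": PREFIX + "cpu-se.enabled",
                              "operator": "In", "values": ["true"]}]}}]}}},
    "migrated": {"nodeSelector": {PREFIX + "cpu-security.sgx.enabled": "true"}},
}

if __name__ == "__main__":
    for name, kind, old, new in find_deprecated(SAMPLE):
        print(f"{name}: {kind} selector uses {old}; switch to {new}")
```

A `required` finding leaves the pod Pending once the old label is removed, while a `preferred` finding lets the scheduler place it on a node without the feature.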
RFC
@marquiz Where are we with the topic of having shorter feature labels? I think this is also still open. I think we should start thinking of doing that as well as soon as possible before we are adding features that are used by other projects and it creates too much confusion when switching.
Yeah, agree on this. I added both (#832 and #778) into the v0.12 milestone. What do you think about this PR vs. a totally separate
Any thoughts on this? @mythi @zvonkok @ArangoGutierrez ?
I added my thoughts in #832 (comment) earlier
Ach yes, sorry I already forgot that comment 😊 Suggestions (or PRs) how to change the feature descriptions in docs are welcome. Removing the RFC status of this PR
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: ArangoGutierrez, marquiz The full list of commands accepted by this bot can be found here. The pull request process is described here