/sig windows auth node

@ddebroy - Hi I'm the enhancements lead for 1.14 - it looks like this issue is targeting Alpha for 1.14. Just want to remind that enhancements freeze is 1/29

/milestone v1.14

@ddebroy: You must be a member of the kubernetes/kubernetes-milestone-maintainers github team to set the milestone.

/milestone v1.14

@claurence: You must be a member of the kubernetes/kubernetes-milestone-maintainers github team to set the milestone.

@ddebroy are there any open PRs that should be tracked for this issue for the 1.14 release?

@claurence we were trying to lock down the design and get to implementable state for the KEP this week (https://github.com/kubernetes/enhancements/pull/694, https://github.com/kubernetes/enhancements/pull/710 and https://github.com/kubernetes/enhancements/pull/722).

We will have PRs for the alpha implementations out shortly.

With https://github.com/kubernetes/enhancements/pull/710 merged, the feature should now be in approved/implementable state.

I'll take API review on this (if there ends up being any for the alpha version) since I have context on the KEP

In-tree PR tracking the Alpha enhancements implemented through annotations and dockershim: https://github.com/kubernetes/kubernetes/pull/73726/files

Hey @ddebroy 👋! I'm Naomi, a v1.14 docs release shadow.

Does this enhancement require any new docs (or modifications)?

Just a friendly reminder we're looking for a PR against k/website (branch dev-1.14) due by Friday, March 1. It would be great if it's the start of the full documentation, but even a placeholder PR is acceptable. Let me know if you have any questions!

@npentrel hello, given the target for this cycle is alpha as per the first post, it would be OK if this feature is mentioned as "experimental" with only minimal to no-documentation if possible.

i would leave further clarification and comments to @ddebroy

@JeremyWx is working on docs for GMSA support. Jeremy, will it be possible to get a placeholder PR started against k/website as mentioned by Naomi above? We can then iterate on it. I think it will be great to aim for some docs around this although the feature is in Alpha.

@npentrel docs PR placeholder opened: https://github.com/kubernetes/website/pull/12936

The two main in-tree PRs for this feature include: https://github.com/kubernetes/kubernetes/pull/73726 (merged) and https://github.com/kubernetes/kubernetes/pull/74737 (reviewed/approved/waiting-to-merge).

It also requires a webhook from https://github.com/kubernetes-sigs/windows-gmsa where necessary PRs have merged.

With these, we are ready for Alpha.

Work has commenced on e2e tests but full e2e tests + execution environment and signals will be ready for Beta in 1.15

The link to the proposal is broken in the issue description
Should be https://github.com/kubernetes/enhancements/blob/master/keps/sig-windows/20181221-windows-group-managed-service-accounts-for-container-identity.md

Hello @ddebroy , I'm the Enhancement Lead for 1.15. Is this feature going to be graduating alpha/beta/stable stages in 1.15? Please let me know so it can be tracked properly and added to the spreadsheet.

Once coding begins, please list all relevant k/k PRs in this issue so they can be tracked properly.

/milestone clear

Hi @kacole2, yes we are aiming for Beta in 1.15.

Main PR for the move to Beta: https://github.com/kubernetes/kubernetes/pull/75459

/milestone v.1.15
/stage beta

@kacole2: The provided milestone is not valid for this repository. Milestones in this repository: [keps-beta, keps-ga, v1.14, v1.15]

Use /milestone clear to clear the milestone.

Hey @kacole2 just wanted to make sure the above version type /milestone v.1.15 is taken care of. I think you meant /milestone v1.15

@kacole2 one update wrt GMSA for Windows: due to the API changes we are bringing in 1.15 for GMSA, we will need to keep the feature in feature-gated/alpha state for one more release. So the plan now is to drive towards beta in 1.16. For 1.15 this will stay alpha/feature-gated by default.

/milestone clear
/stage alpha

hi @kacole2 we are planning to move this feature to Beta in v1.16. So wanted to make sure it is tracked appropriately. Thanks!

/milestone v1.16
/stage beta

Hi @ddebroy , I'm the v1.16 docs release shadow.

Does this enhancement require any new docs (or modifications)?

Just a friendly reminder we're looking for a PR against k/website (branch dev-1.16) due by Friday,August 23rd. It would be great if it's the start of the full documentation, but even a placeholder PR is acceptable. Let me know if you have any questions!

Thanks!

@VineethReddy02 yes, we will have doc changes as part of the v1.16. Will open PRs on the repo you pointed.

docs PR: https://github.com/kubernetes/website/pull/15706

PRs for this for 1.16:
https://github.com/kubernetes/kubernetes/pull/80320
To enable e2e testing and look at signals through AKS testgrids:
https://github.com/kubernetes-sigs/windows-testing/pull/98

https://github.com/kubernetes/kubernetes/pull/82110 is the PR to move the feature to Beta and have GMSA support enabled by default.

Hey there @ddebroy -- 1.17 Enhancements lead here. I wanted to check in and see if you think this Enhancement will be graduating to alpha/beta/stable in 1.17?

The current release schedule is:

• Monday, September 23 - Release Cycle Begins
• Tuesday, October 15, EOD PST - Enhancements Freeze
• Thursday, November 14, EOD PST - Code Freeze
• Tuesday, November 19 - Docs must be completed and reviewed
• Monday, December 9 - Kubernetes 1.17.0 Released

If you do, please list all relevant k/k PRs in this issue so they can be tracked properly. 👍

/milestone clear

@mrbobbytables plan right now is to stay in beta for v1.17

Noted -- thank you for the quick response! 👍

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

/remove-lifecycle stale

Hey there @ddebroy -- 1.18 Enhancements shadow here. I wanted to check in and see if you think this Enhancement will be graduating to stable in 1.18 or having a major change in its current level?

The current release schedule is:

• Monday, January 6th - Release Cycle Begins
• Tuesday, January 28th EOD PST - Enhancements Freeze
• Thursday, March 5th, EOD PST - Code Freeze
• Monday, March 16th - Docs must be completed and reviewed
• Tuesday, March 24th - Kubernetes 1.18.0 Released

If you would like to include this enhancement, once coding begins please list all relevant k/k PRs in this issue so they can be tracked properly. 👍

We'll be tracking enhancements here: http://bit.ly/k8s-1-18-enhancements

Thanks! :)

@palnabarun We want to move GMSA support to stable in 1.18

Thank you @ddebroy for the updates. I will update the tracking sheet accordingly.

/milestone v1.18

Hi @ddebroy, just a friendly reminder that the Code Freeze will go into effect on Thursday 5th March.

Can you please link all the k/k PRs or any other PRs which should be tracked for this enhancement?

Thank You :)

Hello @ddebroy I'm one of the v1.18 docs shadows.
Does this enhancement for (or the work planned for v1.18) require any new docs (or modifications to existing docs)? If not, can you please update the 1.18 Enhancement Tracker Sheet (or let me know and I'll do so)

If so, just a friendly reminder we're looking for a PR against k/website (branch dev-1.18) due by Friday, Feb 28th., it can just be a placeholder PR at this time. Let me know if you have any questions!

Hello @ddebroy I'm one of the v1.18 docs shadows.

Does this enhancement for (or the work planned for v1.18) require any new docs (or modifications to existing docs)? If not, can you please update the 1.18 Enhancement Tracker Sheet (or let me know and I'll do so)

If so, just a friendly reminder we're looking for a PR against k/website (branch dev-1.18) due by Friday, Feb 28th, which is roughly 1 weeks from now. It can just be a placeholder PR at this time. Let me know if you have any questions!

Hey @ddebroy @PatrickLang,

Following up on the ask from @palnabarun, can you please link to all the k/k PRs (or PRs in other repos) that we need to track for this enhancement? Code freeze is quickly approaching on 05 March 2020.

Thanks!

Hi @ddebroy :wave: Kind reminder.. have you created the placeholder PR? I know you’re keeping a tab on this, but the deadline will be this Friday..

Docs placeholder PR: https://github.com/kubernetes/website/pull/19349
Feature Graduation PR: https://github.com/kubernetes/kubernetes/pull/88654

Hi @ddebroy, this a reminder that we are just two days away from Code Freeze on 5th March.

By the Code Freeze, https://github.com/kubernetes/kubernetes/pull/88654 should be merged else you would need to file an exception request.

Hi @ddebroy, since this enhancement graduated to Stable this release :rocket:, the status can now be set to be Implemented.

Can you please update the status? After that, we will close this issue.

@palnabarun done at https://github.com/kubernetes/enhancements/pull/1626

Thank you @ddebroy :)

/milestone clear

(removing this enhancement issue from the v1.18 milestone as the milestone is complete)

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

/remove-lifecycle rotten

Looks like this has been implemented. Can this issue be closed now?

@LorbusChris - yes we can close this now. (sorry, just saw this issue)

/stage stable
/close

@marosset: Closing this issue.