Add blog for kep-3721 #51529
Hi @ajaysundark @HirazawaUi 👋 this is Agus from the v1.34 Communications Team! @ajaysundark as author of #51428, I'd like you to be a writing buddy for @HirazawaUi on this PR. Please:
/sig release
/remove-language zh
Hi @HirazawaUi 👋 -- this is Agus from the v1.34 Communications Team! Just a friendly reminder that we are approaching the feature blog "ready for review" deadline: Friday 8th August 2025. We ask you to have the blog in non-draft state, and all write-up to be complete. If you have any questions or need help, please don't hesitate to reach out to me or any of the Communications Team members. We are here to help you!
content/en/blog/_posts/2025-09-01-introducing-env-files/index.md
The `emptyDir` volumes do not provide the same [security protections as Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#information-security-for-secrets). | ||
so if security is a top concern, stick with Secrets where possible. | ||
We’ll make sure the docs call this out clearly. No newline at end of file |
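Review bot: the first line ends with a full stop and the second starts with a lowercase "so", which splits one sentence in two; join them with a comma. The comparison also does not say which of the linked Secret protections an `emptyDir` volume lacks, so a reader cannot weigh the trade-off; name the specific protections or narrow the claim. The closing "We'll make sure the docs call this out clearly" is a promise about future documentation and reads better as a link to that documentation once it exists.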
This is really bad advice. Using this new mechanism may actually provide better information security than Secret.
Only include this statement if you can get a SIG Security person, ideally a tech lead for SIG Security, to endorse that inclusion.
Can I avoid involving the SIG Security maintainers by removing the description of the secret? They aren’t familiar with this feature and might unnecessarily spend extra time understanding it :)
I've rephrased this, specifically avoiding mention of secret and instead emphasized that this feature is unsuitable for storing sensitive data without adequate and appropriate cluster security policies. Do you think this is sufficient? Or do we still need a technical review from SIG Security?
/hold I have a strong concern: see #51529 (comment) OK to unhold if either:
If storing sensitive data like keys or tokens using this feature, | ||
ensure your cluster security policies effectively protect nodes | ||
against unauthorized access to prevent exposure of confidential information. No newline at end of file |
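Review bot: "cluster security policies" on the second line is too vague to act on; the sentence tells readers to protect nodes against unauthorized access but names no control or documentation to rely on. Suggest saying what kind of access needs restricting or linking to the relevant documentation, so the warning about keys and tokens is something a cluster operator can check.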
against unauthorized access to prevent exposure of confidential information. | |
against unauthorized access to prevent exposure of confidential information. | |
## Summary | |
This feature will eliminate a number of complex workarounds used today, simplifying | |
apps authoring, and opening doors for more use cases. Kubernetes stays flexible and | |
open for feedback. Tell us how you use this feature or what is missing. |
Thanks! Added.
/lgtm
LGTM label has been added. Git tree hash: 2aecd50bbfcc1a0b06ea26e68ea6a2bd5c243740
With SIG and Comms review done, assigning to SIG Docs Blog for approval
It looks good to me.
/hold cancel
/lgtm
/approve
LGTM label has been added. Git tree hash: 1cf7d42619f75ea77509658f38d236f5cceb067c
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: graz-dev, SergeyKanzhelev The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
Description
Add a blog for KEP-3721
Relate: kubernetes/enhancements#3721
Issue
Closes: #