Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS REQUEST: add CAA record #2216

Closed
jimangel opened this issue Jun 15, 2021 · 11 comments
Closed

DNS REQUEST: add CAA record #2216

jimangel opened this issue Jun 15, 2021 · 11 comments
Assignees
@jimangel
Labels
area/dns DNS records for k8s.io, kubernetes.io, k8s.dev, etc., code in dns/ priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/security Categorizes an issue or PR as relevant to SIG Security.
Projects
sig-k8s-infra
Milestone
v1.24

Comments

@jimangel
Copy link
Member

It was requested to create CAA DNS records for k/website as a security best practices and, well, it's good to know what CAs can issue "official" certificates for public facing Kubernetes things.

More info in this PR: #1849. The PR covers kubernetes.io, not k8s.io, which we should also lock down in a similar manor.

/priority important-soon
/milestone v1.22
/cc @dims @ameukam @spiffxp @thockin
@jimangel jimangel added area/dns DNS records for k8s.io, kubernetes.io, k8s.dev, etc., code in dns/ wg/k8s-infra labels Jun 15, 2021
@k8s-ci-robot k8s-ci-robot added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Jun 15, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Jun 15, 2021
@jimangel jimangel mentioned this issue Jun 15, 2021
Merged
@ameukam ameukam added this to Needs Triage in sig-k8s-infra via automation Jun 15, 2021
@ameukam ameukam moved this from Needs Triage to Backlog (existing infra) in sig-k8s-infra Jun 15, 2021
@spiffxp
Copy link
Member

spiffxp commented Aug 4, 2021

/milestone v1.23

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.22, v1.23 Aug 4, 2021
@sftim
Copy link
Contributor

sftim commented Aug 13, 2021

/sig security
perhaps?

@k8s-ci-robot k8s-ci-robot added the sig/security Categorizes an issue or PR as relevant to SIG Security. label Aug 13, 2021
@spiffxp
Copy link
Member

spiffxp commented Sep 8, 2021

Bumping for recency because I'd like to see the PR merged in the next week

@spiffxp spiffxp moved this from Backlog (existing infra) to Blocked in sig-k8s-infra Sep 29, 2021
@k8s-ci-robot k8s-ci-robot added sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. and removed wg/k8s-infra labels Sep 29, 2021
@spiffxp
Copy link
Member

spiffxp commented Oct 14, 2021

I have heard no response to the kubernetes.io PR merging, I think we're good to go for a similar PR for k8s.io @jimangel

@ameukam
Copy link
Member

ameukam commented Dec 6, 2021

/milestone v1.24

@k8s-ci-robot k8s-ci-robot modified the milestones: v1.23, v1.24 Dec 6, 2021
@jimangel
Copy link
Member Author

jimangel commented Dec 6, 2021

@spiffxp sorry I missed this, yep, I'll get a PR in for k8s.io soon (probably after 1.23 settles down).

/assign

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 6, 2022
@ameukam
Copy link
Member

ameukam commented Mar 7, 2022

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Mar 7, 2022
@ameukam ameukam mentioned this issue Mar 7, 2022
Merged
@ameukam
Copy link
Member

ameukam commented Apr 7, 2022

@jimangel I think we can close this. It's been exactly 30 days since we added the CAA record for k8s.io. WDYT ?

@jimangel
Copy link
Member Author

LGTM! Thanks!
/close

@k8s-ci-robot
Copy link
Contributor

@jimangel: Closing this issue.

In response to this:

LGTM! Thanks!
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

sig-k8s-infra automation moved this from Blocked to Done Apr 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jimangel jimangel

Labels
area/dns DNS records for k8s.io, kubernetes.io, k8s.dev, etc., code in dns/ priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/k8s-infra Categorizes an issue or PR as relevant to SIG K8s Infra. sig/security Categorizes an issue or PR as relevant to SIG Security.
Projects
SIG K8S Infra
Status: Done
sig-k8s-infra
  
Done
Milestone
v1.24
Development

No branches or pull requests
6 participants
@spiffxp @ameukam @jimangel @k8s-ci-robot @sftim @k8s-triage-robot