Hello, all!
Marek (@serathius) recently opened twenty PRs adding field tags to several Kubernetes structs.
To promote visibility and to avoid rehashing similar threads across them, we thought it best to start a thread here.
Marek's PRs request tagging those fields which may hold credentials.
KEP-1753 proposed these `datapolicy` tags, with the objective of adding filtered klog methods that would redact them.
See
this comment in the KEP Issue for the collected field tag PRs and their progress.
As a logging enhancement, KEP-1753 is formally owned by sig-instrumentation.
However, it
has been noted that such horizontal changes should be agreed upon by all component-owning SIGs.
While proposed initially KEP-1753, these field tags are also planned to be consumed by
KEP-1933.
This KEP will add taint propagation analysis to PR testing and will alert developers if they send tagged arguments to a non-filtered log call.
If there are any concerns you'd like to raise or additional clarification you would like, feel free to raise them here or on Slack.
Imagination is Change.
~Patrick Rhomberg (@PurelyApplied)