Stability Initiative

[clux]

We plan to provide a series of stability guarantees, policies, and a stable governance via CNCF, for kube-rs going forward.

This is an umbrella issue tracking progress and major outstanding work before we mark ourselves as stable. It pertains to the Stability category on the roadmap.

Background

This is part of a set of stable client requirements plus extra requirements that we would like to provide on top so that users can feel safe choosing kube-rs as a reliable set of libraries to build upon kubernetes.

There's been a lot of introductory work in this area already as part of our in-progress CNCF setup (#584), along with stability work in #508 (which this issue replaces).

A lot of this is document pertains to process/policy writing that needs to be argued for/against, and then their subsequent implementations and enforcement of these proposed processes through continuous integration.

Tasks

Community & Governance

• adopting the cncf code of conduct - cncf code of conduct #593
• architecture.md - write an architecture.md #416
• initial roadmap / governance / security policy / maintainers file / issue templates - open source best practice due diligence #670
• cncf sandbox application donation of kube-rs to cncf #584
• move org-wide policies into .github repo or website - #import most vendored files into this repo website#11
• achieve CII best practices badge outstanding CII bestpractices badge #737

Policies & Clarity:

• documented release process - via release.toml by release team
• minimum rust version (msrv) defined and under CI - minimum supported rust version policy #668
• N documented users - dedicate a root file to adopters #735
• document support level per-platform - Policies for stability website#18
• document kubernetes flavour test levels per-platform - Policies for stability website#18
• panic policy -> delayed- Panic policy #634
• library documentation #[deny(missing_docs)] at root of repos
  • remove last few #[allow(missing_docs)] overrides - purge last missing_docs allows + fix docs errors #728
  • doctest readme - doc = include_str! readme #736
• minimum supported kubernetes version - minimum supported k8s version #684 - Crate versioning k8s-pb#10 and Add information on supported k8s versions and how to pick them website#19
• deprecation policies - Policies for stability website#18
  • decide on a strategy for deprecated attrs - Policies for stability website#18
  • document strategy and for how long we deprecate - currently have done 5 versions (e.g. try_flatten_applied) - Policies for stability website#18
• document interface changes pre 1.0 - Policies for stability website#18
• document change policy post 1.0 - delayed - Breaking Changes after 1.0 #923
• investigate a way to gradually introduce unstable features - Policies for stability website#18

Security:

• trust and authority of dependencies
  • cargo deny multiple-versions - cargo deny mutliple-fields ban #711
  • cargo deny unknown git sources - deny.toml stricten unknown sources + bump tokio for rustsec issue #727
  • cargo deny strict licenses and rustsec vulnerabilities - Add cargo-deny, clippy and rustfmt to CI - try #2 #611
• security policy
• cargo audit on CI
• limit dependabot lock-step upgrade issues:
  • kube as a super-crate facade - kube super-crate #651
  • re-export generated structs from kube? - maybe post k8s-pb
• #[forbid(unsafe_code)] for cargo-geiger 🔒 - deny(unsafe_code) -> forbid(unsafe_code) #734
• fortify secrets with secrecy wrappers - fortification: preventing secret leaks #751

Continuous Integration:

• run tests in strategy.matrix for linux/mac
• extend unit test set to windows - solve github actions windows native-tls build #566
• provide coverage builds and test policies for prs - classify tests and extend coverage #745
• integration/e2e extensions:
  • convert e2e test to run as matrix job against clusters (k3d first) - Run e2e,integration tests against kubernetes versions and ssl stacks #924
  • run integration as a matrix job against min supported kubernetes versions - Run e2e,integration tests against kubernetes versions and ssl stacks #924
  • extend e2e test matrix job to be able to run on both k3d and extra cluster - we would need one first
  • use cloud clusters to point to in CI? (maybe sponsored or / cncf service / cncf community)
  • extend e2e test to cover token renewal -> delayed extend e2e test to cover token renewal #832

[clux]

We've accomplished the main overarching thing we wanted to achieve to at least mark us stable w.r.t. the client stability doc:

🎉

So will close this as I'm tired of having this massive issue around (not a huge fan of the ergonomics of umbrella issues after having tried them).

There are three minor points that did not make it and will need some clarity/improvements in the future, but they have their own issues:

• panic policy - Panic policy #634
• e2e test for cover token renewal - extend e2e test to cover token renewal #832
• document change policy post 1.0 - Breaking Changes after 1.0 #923