Merge pull request kubernetes#2378 from shekhar-rajak/kep_new_template_sig_cli

Migrating from old kep to new template -sig cli keps

Author: k8s-ci-robot

keps/sig-cli/0008-kustomize.md renamed to keps/sig-cli/2377-Kustomize/README.md

@@ -1,27 +1,3 @@
----
-title: Kustomize
-authors:
-  - "@pwittrock"
-  - "@monopole"
-owning-sig: sig-cli
-participating-sigs:
-  - sig-cli
-reviewers:
-  - "@droot"
-approvers:
-  - "@soltysh"
-editor: "@droot"
-creation-date: 2018-05-05
-last-updated: 2019-01-09
-status: implemented
-see-also:
-  - n/a
-replaces:
-  - kinflate # Old name for kustomize
-superseded-by:
-  - "kustomize-subbcommand-integration.md"
----
-
 # Kustomize
 
 ## Table of Contents

keps/sig-cli/2377-Kustomize/kep.yaml

@@ -0,0 +1,22 @@
+title: Kustomize
+kep-number: 2377
+authors:
+  - "@pwittrock"
+  - "@monopole"
+owning-sig: sig-cli
+participating-sigs:
+  - sig-cli
+reviewers:
+  - "@droot"
+approvers:
+  - "@soltysh"
+editor: "@droot"
+creation-date: 2018-05-05
+last-updated: 2019-01-09
+status: implemented
+see-also:
+  - n/a
+replaces:
+  - kinflate # Old name for kustomize
+superseded-by:
+  - "/keps/sig-cli/2386-kustomize-subcommand-integration/"

keps/sig-cli/0024-kubectl-plugins.md renamed to keps/sig-cli/2379-kubectl-plugins/README.md

@@ -1,30 +1,4 @@
----
-title: Kubectl Plugins
-authors:
-  - "@juanvallejo"
-owning-sig: sig-cli
-participating-sigs:
-  - sig-cli
-reviewers:
-  - "@pwittrock"
-  - "@deads2k"
-  - "@liggitt"
-  - "@soltysh"
-approvers:
-  - "@pwittrock"
-  - "@soltysh"
-editor: juanvallejo
-creation-date: 2018-07-24
-last-updated: 2010-02-26
-status: implemented
-see-also:
-  - n/a
-replaces:
-  - "https://github.com/kubernetes/community/blob/master/contributors/design-proposals/cli/kubectl-extension.md"
-  - "https://github.com/kubernetes/community/pull/481"
-superseded-by:
-  - n/a
----
+
 
 # Kubectl Plugins
 

keps/sig-cli/2379-kubectl-plugins/kep.yaml

@@ -0,0 +1,26 @@
+title: Kubectl Plugins
+kep-number: 2379
+authors:
+  - "@juanvallejo"
+owning-sig: sig-cli
+participating-sigs:
+  - sig-cli
+reviewers:
+  - "@pwittrock"
+  - "@deads2k"
+  - "@liggitt"
+  - "@soltysh"
+approvers:
+  - "@pwittrock"
+  - "@soltysh"
+editor: juanvallejo
+creation-date: 2018-07-24
+last-updated: 2010-02-26
+status: implemented
+see-also:
+  - n/a
+replaces:
+  - "https://github.com/kubernetes/community/blob/master/contributors/design-proposals/cli/kubectl-extension.md"
+  - "https://github.com/kubernetes/community/pull/481"
+superseded-by:
+  - n/a

keps/sig-cli/0032-datadrivencommands.md renamed to keps/sig-cli/2380-data-driven-commands-for-kubectl/README.md

@@ -1,23 +1,4 @@
----
-title: Data Driven Commands for Kubectl
-authors:
-  - "@pwittrock"
-owning-sig: sig-cli
-participating-sigs:
-reviewers:
-  - "@soltysh"
-  - "@juanvallejo"
-  - "@seans3 "
-approvers:
-  - "@soltysh"
-editor: TBD
-creation-date: 2018-11-13
-last-updated: 2018-11-13
-status: provisional
-see-also:
-replaces:
-superseded-by:
----
+
 
 # data driven commands
 
@@ -313,7 +294,7 @@ type Command struct {
 	Deprecated string `json:"deprecated,omitempty"`
 
 	// Flags are the command line flags.
-	// 
+	//
 	// Flags are used by the client to expose command line flags to users and populate the Request go-templates
 	// with the user provided values.
 	//

keps/sig-cli/2380-data-driven-commands-for-kubectl/kep.yaml

@@ -0,0 +1,19 @@
+title: Data Driven Commands for Kubectl
+kep-number: 2380
+authors:
+  - "@pwittrock"
+owning-sig: sig-cli
+participating-sigs:
+reviewers:
+  - "@soltysh"
+  - "@juanvallejo"
+  - "@seans3 "
+approvers:
+  - "@soltysh"
+editor: TBD
+creation-date: 2018-11-13
+last-updated: 2018-11-13
+status: provisional
+see-also:
+replaces:
+superseded-by:

keps/sig-cli/20190920-future-of-kubectl-cp.md renamed to keps/sig-cli/2381-future-of-kubectl-cp/README.md

@@ -1,22 +1,3 @@
----
-title: future-of-kubectl-cp
-authors:
-  - "@sallyom"
-owning-sig: sig-cli
-participating-sigs:
-  - sig-usability
-reviewers:
-  - "@liggitt"
-  - "@brendandburns"
-approvers:
-  - "@pwittrock"
-  - "@soltysh"
-editor: TBD
-creation-date: 2019-09-20
-last-updated: 2019-09-20
-status: provisional
----
-
 # future-of-kubectl-cp
 
 ## Table of Contents
@@ -60,26 +41,26 @@ status: provisional
 
 ## Summary
 
-This document summarizes and originates from this email thread, 
-[Proposal to drop kubectl cp](https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/kubernetes-sig-cli/_zUy67lK49k/aE6vncYiAgAJ).   
+This document summarizes and originates from this email thread,
+[Proposal to drop kubectl cp](https://groups.google.com/forum/?utm_medium=email&utm_source=footer#!msg/kubernetes-sig-cli/_zUy67lK49k/aE6vncYiAgAJ).
 
 This document aims to solidify the future of `kubectl cp` as a tool that provides basic function of copying files between local environments and pods.  Any advanced use cases
-such as those involving symlinks or modifying file permissions should be performed outside of `kubectl cp` through `kubectl exec`, addons, or shell commands.    
+such as those involving symlinks or modifying file permissions should be performed outside of `kubectl cp` through `kubectl exec`, addons, or shell commands.
 
 Over the past few releases, there have been numerous security issues with `kubectl cp` that have resulted in release updates in all supported versions of kubectl.
 At the same time,any new PR that extends `kubectl cp` must undergo extra reviews to evaluate security threats that may arise [1][2].  Over the past few months,
 security fixes have required dropping edge cases and function of the command.  It is increasingly difficult to maintain a cp command that is both
 useful and secure.  There are alternative approaches that provide the same function as `kubectl cp` [3].  Using `kubectl exec ...| tar`
 provides transparency when copying files as well as mitigations for path traversals, symlink directory escapes, tar bombs, and other exploits.
 Use of tar is more featureful, in that it can preserve file permissions and copy pod-to-pod.  Also, `kubectl cp` is dependent on the tar binary
-in a container.  A malicious tar binary is outside of what `kubectl cp` can control.    
+in a container.  A malicious tar binary is outside of what `kubectl cp` can control.
 
-With all of this in mind the cost and risk of maintaining the cp command should be weighed against what is considered crucial functionality in kubectl. 
-It's better to address 80% of use cases with a simple tool than trying to address the remaining 20% at the cost of risking those 80%.     
+With all of this in mind the cost and risk of maintaining the cp command should be weighed against what is considered crucial functionality in kubectl.
+It's better to address 80% of use cases with a simple tool than trying to address the remaining 20% at the cost of risking those 80%.
 
-[1] https://github.com/kubernetes/kubernetes/pull/78622   
-[2] https://github.com/kubernetes/kubernetes/pull/73053   
-[3] https://gist.github.com/tallclair/9217e2694b5fdf27b55d6bd1fda01b53   
+[1] https://github.com/kubernetes/kubernetes/pull/78622
+[2] https://github.com/kubernetes/kubernetes/pull/73053
+[3] https://gist.github.com/tallclair/9217e2694b5fdf27b55d6bd1fda01b53
 
 ## Motivation
 
@@ -88,10 +69,10 @@ It's better to address 80% of use cases with a simple tool than trying to addres
     * [CVE-2019-1002101](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1002101)
     * [CVE-2019-11246](https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-11246)
     * [CVE-2019-11249](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11249)
-- To use `kubectl cp`, container images are required to have the tar binary. `kubectl cp` is not available when running containers from the minimal [scratch image](https://hub.docker.com/_/scratch/).    
-  Running from scratch is by itself a tactic to securing containers, as it encourages the best practice of limiting the tools packaged in an image to only what's required by a workload.   
+- To use `kubectl cp`, container images are required to have the tar binary. `kubectl cp` is not available when running containers from the minimal [scratch image](https://hub.docker.com/_/scratch/).
+  Running from scratch is by itself a tactic to securing containers, as it encourages the best practice of limiting the tools packaged in an image to only what's required by a workload.
 
-This proposal is that `kubectl cp` should perform only basic copying of files.  Advanced features of file copying should be out of scope for `kubectl cp`.  
+This proposal is that `kubectl cp` should perform only basic copying of files.  Advanced features of file copying should be out of scope for `kubectl cp`.
 
 ### Goals for kubectl cp
 
@@ -103,18 +84,18 @@ This proposal is that `kubectl cp` should perform only basic copying of files.
 ### Non-Goals
 
 For either of these, a separate proposal weighing the cost/benefit would be required.  These are out of scope of this proposal to simplify `kubectl cp`:
-- Rewrite `kubectl cp` to not use tar, by modifying CRI as outlined partially [here](https://github.com/kubernetes/kubernetes/issues/58512). 
+- Rewrite `kubectl cp` to not use tar, by modifying CRI as outlined partially [here](https://github.com/kubernetes/kubernetes/issues/58512).
 - Rewrite `kubectl cp` to be functional in scratch based containers through use of ephemeral containers as outlined [here](https://github.com/kubernetes/kubernetes/issues/58512#issuecomment-528384746)
 
 ## Proposal
 
 - `kubectl cp` should provide simple function of copying single file or directory between local environments and pods.
-- Identify and document `kubectl exec` commands to address more advanced options for copying files.  
+- Identify and document `kubectl exec` commands to address more advanced options for copying files.
 - Provide users attempting to use `kubectl cp + symlinks/etc` with output showing comparable `kubectl exec ...| tar` cmds.
-- It is up for a decision in this proposal whether the community prefers to implement the `shelling out to tar from within kubectl cp` 
-or leave as suggestions in error output. 
-- Barring decision of the above, only the user stories listed below should be supported by `kubectl cp`.  If additional user stories are added via shelling out to tar from kubectl, 
-  those will be outlined below.    
+- It is up for a decision in this proposal whether the community prefers to implement the `shelling out to tar from within kubectl cp`
+or leave as suggestions in error output.
+- Barring decision of the above, only the user stories listed below should be supported by `kubectl cp`.  If additional user stories are added via shelling out to tar from kubectl,
+  those will be outlined below.
 
 ### User Stories
 
@@ -138,7 +119,7 @@ or leave as suggestions in error output.
 ### Risks and Mitigations
 
 Any scripts or automation that currently rely on advanced features of `kubectl cp` will be broken.
-To mitigate, detailed information about why the command now fails as well as example `kubectl exec ...| tar` alternatives will be output. 
+To mitigate, detailed information about why the command now fails as well as example `kubectl exec ...| tar` alternatives will be output.
 
 ## Design Details
 
@@ -152,8 +133,8 @@ Ensure that failure includes example alternative approach, plus information abou
 ### Upgrade / Downgrade Strategy
 
 `kubectl cp` function removed as a result of a CVE fix or other will be documented clearly.
-Information about why subcommand/option is no longer supported, what files are skipped, and also alternative `kubectl exec ...| tar` commands 
-will be included in failed command output.  This output will then always be given (not just for a deprecation period). 
+Information about why subcommand/option is no longer supported, what files are skipped, and also alternative `kubectl exec ...| tar` commands
+will be included in failed command output.  This output will then always be given (not just for a deprecation period).
 
 ### Version Skew Strategy
 
@@ -162,4 +143,4 @@ will be included in failed command output.  This output will then always be give
 ## Drawbacks
 
 Automation scripts that include `kubectl cp` will be broken if options and features are removed from the command.
-The motivation of improving security is weighed against this potential drawback.  
+The motivation of improving security is weighed against this potential drawback.

keps/sig-cli/2381-future-of-kubectl-cp/kep.yaml

@@ -0,0 +1,17 @@
+title: future-of-kubectl-cp
+kep-number: 2381
+authors:
+  - "@sallyom"
+owning-sig: sig-cli
+participating-sigs:
+  - sig-usability
+reviewers:
+  - "@liggitt"
+  - "@brendandburns"
+approvers:
+  - "@pwittrock"
+  - "@soltysh"
+editor: TBD
+creation-date: 2019-09-20
+last-updated: 2019-09-20
+status: provisional

keps/sig-cli/kustomize-exec-secret-generator.md renamed to keps/sig-cli/2382-kustomize-exec-secret-generator/README.md

@@ -1,22 +1,3 @@
----
-title: Kustomize Exec Secret Generator
-authors:
-  - "@pwittrock"
-owning-sig: sig-cli
-participating-sigs:
-reviewers:
-  - "@anguslees"
-  - "@Liujingfang1"
-  - "@sethpollack"
-approvers:
-  - "@monopole"
-editor: "@pwittrock"
-creation-date: 2019-03-12
-last-updated: 2019-03-12
-status: implementable
-see-also:
-  - "https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/kustomize-secret-generator-plugins.md"
----
 
 
 # Kustomize Exec Secret Generator
@@ -95,7 +76,7 @@ expected to want to be able to invoke the tools they already use for addressing
 ### Goals
 
 - Enable users to generate Secrets using the tools they already use to do so
-- Secure by default - Alice must configure her environment in an insecure manner and run the command in an 
+- Secure by default - Alice must configure her environment in an insecure manner and run the command in an
   insecure way for it to be exploitable
 - Support Linux / Mac / Windows OS's
 

keps/sig-cli/2382-kustomize-exec-secret-generator/kep.yaml

@@ -0,0 +1,18 @@
+title: Kustomize Exec Secret Generator
+kep-number: 2382
+authors:
+  - "@pwittrock"
+owning-sig: sig-cli
+participating-sigs:
+reviewers:
+  - "@anguslees"
+  - "@Liujingfang1"
+  - "@sethpollack"
+approvers:
+  - "@monopole"
+editor: "@pwittrock"
+creation-date: 2019-03-12
+last-updated: 2019-03-12
+status: implementable
+see-also:
+  - "/keps/sig-cli/2385-kustomize-secret-generator-plugins/"