saschagrunert
diff --git a/‎keps/sig-release/1731-publishing-packages/README.md
Lines changed: 275 additions & 30 deletions b/‎keps/sig-release/1731-publishing-packages/README.md
Lines changed: 275 additions & 30 deletions
@@ -1,15 +1,15 @@
-# Publishing kubernetes packages <!-- omit in toc -->
+# KEP-1731: Publishing Kubernetes packages on community infrastructure <!-- omit in toc -->
 
 <!-- toc -->
-- [Release Signoff Checklist](#release-signoff-checklist)
 - [Summary](#summary)
 - [Motivation](#motivation)
   - [Goals](#goals)
   - [Non-Goals](#non-goals)
 - [Proposal](#proposal)
   - [User Stories](#user-stories)
     - [User Roles](#user-roles)
-  - [Implementation Details/Notes/Constraints](#implementation-detailsnotesconstraints)
+  - [Risks and Mitigations](#risks-and-mitigations)
+- [Design Details](#design-details)
     - [Using OBS instead of manually building and hosting packages](#using-obs-instead-of-manually-building-and-hosting-packages)
     - [How Open Build Service works?](#how-open-build-service-works)
     - [Packages, Operating Systems, and Architectures in Scope](#packages-operating-systems-and-architectures-in-scope)
@@ -21,30 +21,51 @@
     - [Integrating OBS with our current release pipeline](#integrating-obs-with-our-current-release-pipeline)
     - [Authentication to OBS and User Management](#authentication-to-obs-and-user-management)
     - [How are packages used?](#how-are-packages-used)
-  - [Risks and Mitigations](#risks-and-mitigations)
-- [Design Details](#design-details)
   - [Test Plan](#test-plan)
   - [Graduation Criteria](#graduation-criteria)
     - [Alpha](#alpha)
     - [Alpha -&gt; Beta Graduation](#alpha---beta-graduation)
     - [Beta -&gt; GA Graduation](#beta---ga-graduation)
   - [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy)
   - [Version Skew Strategy](#version-skew-strategy)
+- [Production Readiness Review Questionnaire](#production-readiness-review-questionnaire)
+  - [Feature Enablement and Rollback](#feature-enablement-and-rollback)
+  - [Rollout, Upgrade and Rollback Planning](#rollout-upgrade-and-rollback-planning)
+  - [Monitoring Requirements](#monitoring-requirements)
+  - [Dependencies](#dependencies)
+  - [Scalability](#scalability)
+  - [Troubleshooting](#troubleshooting)
 - [Implementation History](#implementation-history)
-- [Drawbacks [optional]](#drawbacks-optional)
-- [Alternatives [optional]](#alternatives-optional)
+- [Drawbacks](#drawbacks)
+- [Alternatives](#alternatives)
+- [Infrastructure Needed (Optional)](#infrastructure-needed-optional)
 <!-- /toc -->
 
-## Release Signoff Checklist
-
-- [ ] kubernetes/enhancements issue in release milestone, which links to KEP (this should be a link to the KEP location in kubernetes/enhancements, not the initial KEP PR)
-- [ ] KEP approvers have set the KEP status to `implementable`
-- [ ] Design details are appropriately documented
-- [ ] Test plan is in place, giving consideration to SIG Architecture and SIG Testing input
-- [ ] Graduation criteria is in place
+Items marked with (R) are required *prior to targeting to a milestone / release*.
+
+- [ ] (R) Enhancement issue in release milestone, which links to KEP dir in [kubernetes/enhancements] (not the initial KEP PR)
+- [ ] (R) KEP approvers have approved the KEP status as `implementable`
+- [ ] (R) Design details are appropriately documented
+- [ ] (R) Test plan is in place, giving consideration to SIG Architecture and SIG Testing input (including test refactors)
+  - [ ] e2e Tests for all Beta API Operations (endpoints)
+  - [ ] (R) Ensure GA e2e tests meet requirements for [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
+  - [ ] (R) Minimum Two Week Window for GA e2e tests to prove flake free
+- [ ] (R) Graduation criteria is in place
+  - [ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md) 
+- [ ] (R) Production readiness review completed
+- [ ] (R) Production readiness review approved
 - [ ] "Implementation History" section is up-to-date for milestone
 - [ ] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
-- [ ] Supporting documentation e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
+- [ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
+
+<!--
+**Note:** This checklist is iterative and should be reviewed and updated every time this enhancement is being considered for a milestone.
+-->
+
+[kubernetes.io]: https://kubernetes.io/
+[kubernetes/enhancements]: https://git.k8s.io/enhancements
+[kubernetes/kubernetes]: https://git.k8s.io/kubernetes
+[kubernetes/website]: https://git.k8s.io/website
 
 ## Summary
 
@@ -162,7 +183,14 @@ Scenario: [...]
 ```
 -->
 
-### Implementation Details/Notes/Constraints
+### Risks and Mitigations
+
+- _Risk_: The OBS installation provided by openSUSE is unable to serve the load generated by the Kubernetes project
+  _Mitigation_: We can host our own mirrors and take some load from openSUSE (e.g. on Equinix Metal)
+- _Risk_: Building all the packages for all the distributions and their version takes too long to be done nightly or via cutting the release  
+  _Mitigation_: We do not deliver nightly packages or wait for packages to be published in the release pipeline.
+
+## Design Details
 
 Packages will be built and published using [Open Build Service (OBS)][obs]. openSUSE will sponsor the Kubernetes
 project by giving us access to the [OBS instance hosted by openSUSE][obs-build].
@@ -446,17 +474,12 @@ are other manual migration steps needed (e.g. changing the GPG key), we don't co
 
 Different architectures will be published into the same repos, it is up to the package managers to pull and install the correct package for the target platform.
 
-### Risks and Mitigations
-
-- _Risk_: The OBS installation provided by openSUSE is unable to serve the load generated by the Kubernetes project
-  _Mitigation_: We can host our own mirrors and take some load from openSUSE (e.g. on Equinix Metal)
-- _Risk_: Building all the packages for all the distributions and their version takes too long to be done nightly or via cutting the release  
-  _Mitigation_: We do not deliver nightly packages or wait for packages to be published in the release pipeline.
-
-## Design Details
-
 ### Test Plan
 
+[x] We understand the owners of the involved components may require updates to
+existing tests to make this code solid enough prior to committing the changes necessary
+to implement this enhancement.
+
 There should be post-publish tests, which can be run as part or after the release process
 
 - pull packages from the official mirrors
@@ -523,23 +546,245 @@ N/A
 
 N/A
 
+## Production Readiness Review Questionnaire
+
+### Feature Enablement and Rollback
+
+It's up to the user what package repository (OBS or Google) they want to use.
+In case OBS doesn't work for them, they can reconfigure their systems to use
+the Google package repository.
+
+###### How can this feature be enabled / disabled in a live cluster?
+
+N/A. This is configured on the operating system (i.e. package manager) level. 
+
+###### Does enabling the feature change any default behavior?
+
+Not anticipated. We're trying to match the existing spec files as best as we
+can.
+
+###### Can the feature be disabled once it has been enabled (i.e. can we roll back the enablement)?
+
+Yes. Users can rollback to the Google package repository.
+
+###### What happens if we reenable the feature if it was previously rolled back?
+
+There are no side effects anticipated.
+
+###### Are there any tests for feature enablement/disablement?
+
+N/A
+
+### Rollout, Upgrade and Rollback Planning
+
+<!--
+This section must be completed when targeting beta to a release.
+-->
+
+###### How can a rollout or rollback fail? Can it impact already running workloads?
+
+N/A
+
+###### What specific metrics should inform a rollback?
+
+Installation and upgrading issues. For example, if a package upgrade is not
+possible due to some error.
+
+###### Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?
+
+<!--
+Describe manual testing that was done and the outcomes.
+Longer term, we may want to require automated upgrade/rollback tests, but we
+are missing a bunch of machinery and tooling and can't do that now.
+-->
+
+###### Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?
+
+No.
+
+### Monitoring Requirements
+
+<!--
+This section must be completed when targeting beta to a release.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+-->
+
+###### How can an operator determine if the feature is in use by workloads?
+
+We'll ask openSUSE to provide us with metrics on the repository usage. We don't
+have any metrics for the Google repository and there's no way that we can
+get those metrics.
+
+###### How can someone using this feature know that it is working for their instance?
+
+Kubernetes is installed successfully and the Node is coming up and is "Ready".
+
+###### What are the reasonable SLOs (Service Level Objectives) for the enhancement?
+
+<!--
+This is your opportunity to define what "normal" quality of service looks like
+for a feature.
+
+It's impossible to provide comprehensive guidance, but at the very
+high level (needs more precise definitions) those may be things like:
+  - per-day percentage of API calls finishing with 5XX errors <= 1%
+  - 99% percentile over day of absolute value from (job creation time minus expected
+    job creation time) for cron job <= 10%
+  - 99.9% of /health requests per day finish with 200 code
+
+These goals will help you determine what you need to measure (SLIs) in the next
+question.
+-->
+
+TBD
+
+###### What are the SLIs (Service Level Indicators) an operator can use to determine the health of the service?
+
+<!--
+Pick one more of these and delete the rest.
+-->
+
+- [ ] Metrics
+  - Metric name:
+  - [Optional] Aggregation method:
+  - Components exposing the metric:
+- [ ] Other (treat as last resort)
+  - Details:
+
+TBD
+
+###### Are there any missing metrics that would be useful to have to improve observability of this feature?
+
+<!--
+Describe the metrics themselves and the reasons why they weren't added (e.g., cost,
+implementation difficulties, etc.).
+-->
+
+TBD
+
+### Dependencies
+
+<!--
+This section must be completed when targeting beta to a release.
+-->
+
+###### Does this feature depend on any specific services running in the cluster?
+
+N/A -- this is not a core Kubernetes feature.
+
+### Scalability
+
+###### Will enabling / using this feature result in any new API calls?
+
+No -- this is not a core Kubernetes feature.
+
+###### Will enabling / using this feature result in introducing new API types?
+
+No -- this is not a core Kubernetes feature.
+
+###### Will enabling / using this feature result in any new calls to the cloud provider?
+
+No -- this is not a core Kubernetes feature.
+
+###### Will enabling / using this feature result in increasing size or count of the existing API objects?
+
+No -- this is not a core Kubernetes feature.
+
+###### Will enabling / using this feature result in increasing time taken by any operations covered by existing SLIs/SLOs?
+
+No -- this is not a core Kubernetes feature.
+
+###### Will enabling / using this feature result in non-negligible increase of resource usage (CPU, RAM, disk, IO, ...) in any components?
+
+No.
+
+###### Can enabling / using this feature result in resource exhaustion of some node resources (PIDs, sockets, inodes, etc.)?
+
+No.
+
+### Troubleshooting
+
+<!--
+This section must be completed when targeting beta to a release.
+
+For GA, this section is required: approvers should be able to confirm the
+previous answers based on experience in the field.
+
+The Troubleshooting section currently serves the `Playbook` role. We may consider
+splitting it into a dedicated `Playbook` document (potentially with some monitoring
+details). For now, we leave it here.
+-->
+
+###### How does this feature react if the API server and/or etcd is unavailable?
+
+This isn't relevant -- this is not a core Kubernetes feature.
+
+###### What are other known failure modes?
+
+<!--
+For each of them, fill in the following information by copying the below template:
+  - [Failure mode brief description]
+    - Detection: How can it be detected via metrics? Stated another way:
+      how can an operator troubleshoot without logging into a master or worker node?
+    - Mitigations: What can be done to stop the bleeding, especially for already
+      running user workloads?
+    - Diagnostics: What are the useful log messages and their required logging
+      levels that could help debug the issue?
+      Not required until feature graduated to beta.
+    - Testing: Are there any tests for failure mode? If not, describe why.
+-->
+
+- OpenBuildService is down or in a degraded mode
+  - Detection: relevant tests are failing, we're getting alerts from users, or
+    the OBS team alerted us of such an issue
+  - Mitigations: Such an issue wouldn't affect already provisioned nodes. Users
+    wouldn't be able to provision new nodes.
+  - Diagnostics: APT and Yum error messages.
+  - Testing: No, we can't know in what way OBS can fail in case that happens.
+
+###### What steps should be taken if SLOs are not being met to determine the problem?
+
 ## Implementation History
 
 <!--
-- the `Summary` and `Motivation` sections being merged signaling SIG acceptance
-- the `Proposal` section being merged signaling agreement on a proposed design
+Major milestones in the lifecycle of a KEP should be tracked in this section.
+Major milestones might include:
+- the `Summary` and `Motivation` sections being merged, signaling SIG acceptance
+- the `Proposal` section being merged, signaling agreement on a proposed design
 - the date implementation started
 - the first Kubernetes release where an initial version of the KEP was available
 - the version of Kubernetes where the KEP graduated to general availability
 - when the KEP was retired or superseded
 -->
 
-TBA
+N/A
+
+## Drawbacks
+
+<!--
+Why should this KEP _not_ be implemented?
+-->
+
+N/A
+
+## Alternatives
 
-## Drawbacks [optional]
+<!--
+What other approaches did you consider, and why did you rule them out? These do
+not need to be as detailed as the proposal, but should include enough
+information to express the idea and why it was not acceptable.
+-->
 
 N/A
 
-## Alternatives [optional]
+## Infrastructure Needed (Optional)
+
+<!--
+Use this section if you need things from the project/SIG. Examples include a
+new subproject, repos requested, or GitHub details. Listing these here allows a
+SIG to get the process for these resources started right away.
+-->
 
 N/A