File tree Expand file tree Collapse file tree 1 file changed +29
-0
lines changed
keps/sig-auth/3926-handling-undecryptable-resources Expand file tree Collapse file tree 1 file changed +29
-0
lines changed Original file line number Diff line number Diff line change @@ -626,6 +626,35 @@ in back-to-back releases.
626626
627627#### Beta
628628
629+ - Feature enabled by default
630+ - Dry-run support for unsafe corrupt object deletion
631+ ([ #134037 ] ( https://github.com/kubernetes/kubernetes/pull/134037 ) - open)
632+ - Comprehensive test coverage as outlined below
633+
634+ ##### Testing Requirements
635+
636+ The following PRs and integration tests are required:
637+
638+ - Test to verify list error aggregation
639+ ([ #129129 ] ( https://github.com/kubernetes/kubernetes/pull/129129 ) - open)
640+ - Test the delete handler with unsafe deletion flow
641+ ([ #128726 ] ( https://github.com/kubernetes/kubernetes/pull/128726 ) - open)
642+
643+ Additional integration tests must be added:
644+
645+ - ** Deserialization failure via bit-flip** : Simulate data corruption (not just
646+ encryption failure) to verify the feature handles general deserialization
647+ errors.
648+
649+ - ** Deletion works for CRDs** : Verify that corrupt custom resource instances
650+ can be deleted using the same mechanism as built-in resources.
651+
652+ - ** KAS health recovery** : After deleting all corrupt objects, verify that:
653+ - Corrupt objects are removed from storage
654+ - kube-apiserver returns to a healthy state
655+ - Re-list operations eventually succeed
656+ - Informers return to steady-state
657+
629658### Upgrade / Downgrade Strategy
630659
631660<!--
You can’t perform that action at this time.
0 commit comments