photoncloud-monorepo/docs/por/T057-k8shost-resource-management/task.yaml
centra d2149b6249 fix(lightningstor): Fix SigV4 canonicalization for AWS S3 auth
- Replace form_urlencoded with RFC 3986 compliant URI encoding
- Implement aws_uri_encode() matching AWS SigV4 spec exactly
- Unreserved chars (A-Z,a-z,0-9,-,_,.,~) not encoded
- All other chars percent-encoded with uppercase hex
- Preserve slashes in paths, encode in query params
- Normalize empty paths to '/' per AWS spec
- Fix test expectations (body hash, HMAC values)
- Add comprehensive SigV4 signature determinism test

This fixes the canonicalization mismatch that caused signature
validation failures in T047. Auth can now be enabled for production.

Refs: T058.S1
2025-12-12 06:23:46 +09:00


id: T057
name: k8shost Resource Management
goal: Implement proper IP Address Management (IPAM) and tenant-aware scheduling for k8shost
status: planned
priority: P1
owner: peerB
created: 2025-12-12
depends_on: []
blocks: [T039]
context: |
  **Findings from T049 Audit:**
  - `k8shost/crates/k8shost-server/src/scheduler.rs`: `// TODO: Get list of active tenants from IAM or FlareDB`
  - `k8shost/crates/k8shost-server/src/services/service.rs`: `/// TODO: Implement proper IP allocation with IPAM`
  **Strategic Value:**
  - Essential for multi-tenant isolation and efficient resource utilization.
  - Required for Production Readiness (T039).
acceptance:
  - k8shost scheduler is tenant-aware (can prioritize/constrain pods by tenant)
  - Pluggable IPAM system implemented for Service IP allocation
  - IPAM integrates with PrismNET for IP assignment and management
  - Integration tests for tenant scheduling and IPAM
steps:
  - step: S1
    name: IPAM System Design & Spec
    done: Define IPAM system architecture and API (integration with PrismNET)
    status: pending
    owner: peerA
    priority: P1
  - step: S2
    name: Service IP Allocation
    done: Implement IPAM integration for k8shost Service IPs
    status: pending
    owner: peerB
    priority: P1
  - step: S3
    name: Tenant-Aware Scheduler
    done: Modify scheduler to respect tenant constraints/priorities
    status: pending
    owner: peerB
    priority: P1
    notes: |
      - Integrate with IAM to get tenant information.
      - Use CreditService for quota enforcement (already done in T045).
evidence: []
notes: |
  Critical for multi-tenant and production deployments.