From caf0d1d61874a2c8687b7deb773eca30ddaee5b6 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger <spiffxp@google.com>
Date: Tue, 6 Aug 2019 14:14:33 -0700
Subject: Kubelet API access should not be allowed for conformance tests

---
 contributors/devel/sig-architecture/conformance-tests.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/contributors/devel/sig-architecture/conformance-tests.md b/contributors/devel/sig-architecture/conformance-tests.md
index e179f067..7c2aae22 100644
--- a/contributors/devel/sig-architecture/conformance-tests.md
+++ b/contributors/devel/sig-architecture/conformance-tests.md
@@ -33,6 +33,9 @@ specifically, a test is eligible for promotion to conformance if:
 
 - it tests only GA, non-optional features or APIs (e.g., no alpha or beta
   endpoints, no feature flags required, no deprecated features)
+- it does not require direct access to kubelet's API to pass (nor does it
+  require indirect access via the API server node proxy endpoint); it MAY
+  use the kubelet API for debugging purposes upon failure
 - it works for all providers (e.g., no `SkipIfProviderIs`/`SkipUnlessProviderIs`
   calls)
 - it is non-privileged (e.g., does not require root on nodes, access to raw
-- 
cgit v1.2.3