sig-auth: 2023 annual report #7943

Open. aramase wants to merge 2 commits into base: master.

aramase (Member) commented Jun 17, 2024

fixes #7765

/assign enj ritazh liggitt

Signed-off-by: Anish Ramasekar <[email protected]>
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jun 17, 2024
@k8s-ci-robot k8s-ci-robot added area/annual-reports Issues or PRs related to the annual reports sig/auth Categorizes an issue or PR as relevant to SIG Auth. labels Jun 17, 2024
Comment on lines +22 to +25
- [KEP-3325: Review attributes of a current user](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3325-self-subject-attributes-review-api) promoted to stable in v1.28.
- `whoami` kubectl command promoted from `kubectl alpha` to `kubectl` [in v1.27](https://github.com/kubernetes/kubernetes/pull/116510).
- Kubelet: security of dynamic resource allocation was enhanced by limiting node access to those objects that are needed on the node [in v1.28](https://github.com/kubernetes/kubernetes/pull/116254).
- [KEP-3299: KMS v2 Improvements](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3299-kms-v2-improvements) promoted to stable in v1.29.
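Review bot: In the `whoami` entry, the source is named as the `kubectl alpha` command group but the destination only as `kubectl`, so a reader cannot tell which invocation to use or which stability level the command reached in v1.27. Spell out the full command path at its new location, and state the level if it differs from the stable promotion of KEP-3325 in v1.28 listed two lines above.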
Member Author:

Only listed the KEPs that graduated to stable for Major KEP advancement

- `KMSv2` is the recommended version of the KMS feature.
- `KMSv1` was deprecated [in v1.28](https://github.com/kubernetes/kubernetes/pull/119007) and will only receive security updates going forward. Set `--feature-gates=KMSv1=true` to use the deprecated `KMSv1` feature.
- Important initiatives that aren't tracked via KEPs:
- Once a week issue/PR triage meetings.
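Review bot: The `KMSv1` entry tells readers to set `--feature-gates=KMSv1=true` but does not say from which release the gate has to be set explicitly, so an operator reading the report cannot tell which upgrade changes the behaviour of an existing KMS v1 encryption configuration. Name that release next to the v1.28 deprecation, and consider pointing to migration to `KMSv2`, which the line above already calls the recommended version, before the instruction for re-enabling the deprecated path.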
Member:

do we want to mention Needs KEP / release work #sig-auth

Member Author:

I've added it to Are there any areas and/or subprojects that your group needs help with (e.g. fewer than 2 active OWNERS)? as per #7943 (comment).

k8s-ci-robot (Contributor):

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aramase
Once this PR has been reviewed and has the lgtm label, please ask for approval from enj. For more information see the Kubernetes Code Review Process.


Signed-off-by: Anish Ramasekar <[email protected]>
@aramase aramase force-pushed the aramase/d/sig_auth_annual_report_2023 branch from 2ca06d5 to 77025b5 Compare June 19, 2024 06:53
@aramase aramase requested a review from ritazh June 19, 2024 06:55
pohly (Contributor) commented Jun 19, 2024

/cc

@k8s-ci-robot k8s-ci-robot requested a review from pohly June 19, 2024 11:44
ritazh (Member) commented Jun 19, 2024

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jun 19, 2024
ritazh (Member) commented Jun 25, 2024

@pohly can you PTAL? Thanks!

[Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/) `Restricted` profile captures what this plugin was trying to achieve
in a better and up-to-date way.
- [KEP-3325: Review attributes of a current user](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/3325-self-subject-attributes-review-api) promoted to stable in v1.28.
- `whoami` kubectl command promoted from `kubectl alpha` to `kubectl` [in v1.27](https://github.com/kubernetes/kubernetes/pull/116510).
Contributor:

Suggested change
- `whoami` kubectl command promoted from `kubectl alpha` to `kubectl` [in v1.27](https://github.com/kubernetes/kubernetes/pull/116510).
- `whoami` kubectl command promoted from `kubectl alpha` to `kubectl beta` [in v1.27](https://github.com/kubernetes/kubernetes/pull/116510).

beta missing?

Contributor:

Otherwise this looks good to me.

Labels
area/annual-reports Issues or PRs related to the annual reports cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
Status: In Review
Linked issue that merging this pull request may close: 2023 Annual Report: SIG Auth