Provide OIDC discovery for service account token issuer

[mtaufen]

Enhancement Description

• One-line enhancement description (can be used as a release note): Provide OIDC discovery endpoints for the API server's service account token issuer.
• Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1393-oidc-discovery
• Associated Pull Requests:
  • Feature, unit and integration tests: Provide OIDC discovery for service account token issuer kubernetes#80724
  • Agnhost: Update agnhost to test OIDC validation of JWT tokens kubernetes#88049
  • E2E Test: Add e2e test for validating JWTs as OIDC tokens kubernetes#88048
  • Docs PR: ServiceAccountIssuerDiscovery: Add user facing documentation website#19328
  • Beta PRs:
    • kops integration (evidence of use on multiple clouds): Simplified form of IAM Roles for ServiceAccounts kops#9352
    • Migrate to Beta: Graduate ServiceAccountIssuerDiscovery to beta kubernetes#91921
    • Beta Docs PR: Update docs for ServiceAccountIssuerDiscovery beta website#23887
  • GA PRs:
    • PRR Updates in KEP: Add PRR survey to OIDC Discovery KEP #2363
    • Move E2E test to main E2E suite: Move ServiceAccountIssuerDiscovery test into main e2e suite kubernetes#98587
    • Graduate to GA Graduate ServiceAccountIssuerDiscovery to GA kubernetes#98553
    • Promote test to conformance: Promote ServiceAccountIssuerDiscovery test to conformance kubernetes#98586
    • GA Docs updates: Update ServiceAccountIssuerDiscovery docs for GA website#26660
• Primary contact (assignee): @mtaufen
• Responsible SIGs: sig-auth
• Enhancement target (which target equals to which milestone):
  • Alpha release target (1.18)
  • Beta release target (1.20)
  • Stable release target (1.21)

[mtaufen]

/sig auth

[mtaufen]

/assign @mtaufen

[mtaufen]

/milestone 1.18

[k8s-ci-robot]

@mtaufen: You must be a member of the kubernetes/milestone-maintainers GitHub team to set the milestone. If you believe you should be able to issue the /milestone command, please contact your and have them propose you as an additional delegate for this responsibility.

In response to this:

/milestone 1.18

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[helayoty]

Hey there @mtaufen -- 1.18 Enhancements shadow here. I wanted to check in and see if you think this Enhancement will be graduating to alpha in 1.18 or having a major change in its current level?

The current release schedule is:

Tuesday, January 28th EOD PST - Enhancements Freeze
Thursday, March 5th, EOD PST - Code Freeze
Monday, March 16th - Docs must be completed and reviewed
Tuesday, March 24th - Kubernetes 1.18.0 Released

To be included in the release, this enhancement must have a merged KEP in the implementable status.

The KEP must also have graduation criteria and a Test Plan defined.

If you would like to include this enhancement, once coding begins please list all relevant k/k PRs in this issue so they can be tracked properly. 👍

Thanks!

[mtaufen]

It is planned to graduate to alpha in 1.18. Thanks for checking in.

…

On Tue, Jan 14, 2020 at 5:43 PM Heba Elayoty ***@***.***> wrote: Hey there @mtaufen <https://github.com/mtaufen> -- 1.18 Enhancements shadow here. I wanted to check in and see if you think this Enhancement will be graduating to alpha in 1.18 or having a major change in its current level? The current release schedule is: Tuesday, January 28th EOD PST - Enhancements Freeze Thursday, March 5th, EOD PST - Code Freeze Monday, March 16th - Docs must be completed and reviewed Tuesday, March 24th - Kubernetes 1.18.0 Released To be included in the release, this enhancement must have a merged KEP in the *implementable* status. The KEP must also have graduation criteria and a Test Plan defined. If you would like to include this enhancement, once coding begins please list all relevant k/k PRs in this issue so they can be tracked properly. 👍 Thanks! — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#1393?email_source=notifications&email_token=AAG4TQKSKWK5DEGHBUJUJBDQ5ZS25A5CNFSM4JV6YP3KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEI6YERQ#issuecomment-574456390>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAG4TQJDEF4T4TCXMVE7VBTQ5ZS25ANCNFSM4JV6YP3A> .

-- Michael Taufen Google SWE

[mtaufen]

I'll double-check to see if the KEP had a test plan.

…

On Wed, Jan 15, 2020 at 5:28 PM Michael Taufen ***@***.***> wrote: It is planned to graduate to alpha in 1.18. Thanks for checking in. On Tue, Jan 14, 2020 at 5:43 PM Heba Elayoty ***@***.***> wrote: > Hey there @mtaufen <https://github.com/mtaufen> -- 1.18 Enhancements > shadow here. I wanted to check in and see if you think this Enhancement > will be graduating to alpha in 1.18 or having a major change in its current > level? > > The current release schedule is: > > Tuesday, January 28th EOD PST - Enhancements Freeze > Thursday, March 5th, EOD PST - Code Freeze > Monday, March 16th - Docs must be completed and reviewed > Tuesday, March 24th - Kubernetes 1.18.0 Released > > To be included in the release, this enhancement must have a merged KEP in > the *implementable* status. > > The KEP must also have graduation criteria and a Test Plan defined. > > If you would like to include this enhancement, once coding begins please > list all relevant k/k PRs in this issue so they can be tracked properly. > 👍 > > Thanks! > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <#1393?email_source=notifications&email_token=AAG4TQKSKWK5DEGHBUJUJBDQ5ZS25A5CNFSM4JV6YP3KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEI6YERQ#issuecomment-574456390>, > or unsubscribe > <https://github.com/notifications/unsubscribe-auth/AAG4TQJDEF4T4TCXMVE7VBTQ5ZS25ANCNFSM4JV6YP3A> > . > -- Michael Taufen Google SWE

-- Michael Taufen Google SWE

[helayoty]

@mtaufen Thanks for the update. I'd appreciate having the updated KEP in an implementable status along with all relevant k/k PRs in the issue.

[helayoty]

/milestone v1.18