Open
Labels
- kind/feature: Categorizes issue or PR as related to a new feature.
- lifecycle/frozen: Indicates that an issue or PR should not be auto-closed due to staleness.
- sig/cluster-lifecycle: Categorizes an issue or PR as relevant to SIG Cluster Lifecycle.
- stage/alpha: Denotes an issue tracking an enhancement targeted for Alpha status
Description
Enhancement Description
- One-line enhancement description (can be used as a release note): Run control-plane as non-root in kubeadm.
- Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/blob/master/keps/sig-cluster-lifecycle/kubeadm/2568-kubeadm-non-root-control-plane/
- Discussion Link:
- Primary contact (assignee): @vinayakankugoyal
- Responsible SIGs: sig-cluster-lifecycle, sig-security
- Enhancement target (which target equals to which milestone):
  - Alpha release target (x.y): 1.22
  - Beta release target (x.y): 1.24
  - Stable release target (x.y): 1.25
- Alpha
  - KEP (k/enhancements) update PR(s):
  - Code (k/k) update PR(s):
    - runtime/default Seccomp Profile in kubeadm control-plane components. kubernetes#100234
    - Add a feature-gate to kubeadm to enable/disable rootless control-plane. kubernetes#102158
    - Add user and group name constants for kubeadm rootless control-plane. kubernetes#102494
    - kubeadm: add utilities to manage users and groups kubernetes#102463
    - Add utils to set file/directory owners and permissions. kubernetes#102604
    - Update CreateInitStaticPodManifestFiles, CreateStaticPodFiles and CreateLocalEtcdStaticPodManifestFile to take into account if the command was run as dry-run. kubernetes#102722
    - Update kubeadm control-plane to run as non-root. kubernetes#102759
    - Update etcd in kubeadm to run as non-root. kubernetes#102862
    - kubeadm: fix wrong check for keys/certs during "download-certs" kubernetes#103313
    - Fix incorrect user and group for kube-scheduler when it is running as non-root. kubernetes#103380
  - Docs (k/website) update PR(s): documentation updates are not required for kubeadm alpha features.
Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.
k/kubeadm tracking issue:
- kubernetes/kubeadm#1367
- kubernetes/kubeadm#2473