Client Exec Proxy

[nckturner]

Enhancement Description

• One-line enhancement description (can be used as a release note): A client-side proxy for a number of client authentication use cases.
• Kubernetes Enhancement Proposal: Client Exec Proxy #2693
• Discussion Link: SIG-Auth discussion on 2021-04-28
• Primary contact (assignee): @nckturner
• Responsible SIGs: SIG-Auth
• Enhancement target (which target equals to which milestone):
  • Alpha release target (x.y): 1.27
  • Beta release target (x.y): 1.28
  • Stable release target (x.y): 1.29
• Alpha
  • KEP (k/enhancements) update PR(s):
    • Client Exec Proxy #2693
    • KEP-2718: Update to new test plan template #3616
    • KEP-2718 Client exec proxy alpha in 1.27 #3814
  • Code (k/k) update PR(s):
  • Docs (k/website) update PR(s):

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

[nckturner]

/sig auth

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[nckturner]

/remove-lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[enj]

/remove-lifecycle rotten

[rhockenbury]

Quick reminder - Enhancement freeze is about a week away. If you are still looking to get this enhancement into v1.26, please plan to get #2693 merged before enhancement freeze.

[enj]

@rhockenbury #2693 has been approved by SIG Auth leads and PRR #2693 (comment) - we are just waiting on explicit /approve from PRR folks.

[enj]

@rhockenbury and now #2693 is merged 😄

[rhockenbury]

Hey @enj, It looks like the KEP readme needs a few updates to comply with the latest test plan template, specifically around the Test Plan section. I'm going to mark this as tracked but can you please get these changes in ASAP.

[mickeyboxell]

@nckturner Are docs required for this KEP? If so, who will be opening the docs PR for k/website?

[marosset]

Hi @nckturner 👋,

Checking in once more as we approach 1.26 code freeze at 17:00 PDT on Tuesday 8th November 2022.

Please ensure the following items are completed:

• All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
• All PRs are fully merged by the code freeze deadline.

For this enhancement, I do not see any k/k PRs linked to this issue.
Please plan to get PRs out for all k/k code so it can be merged up by code freeze.
If you do have k/k PRs open, please link them in the initial issue description.

As always, we are here to help should questions come up. Thanks!

[mickeyboxell]

Hi @nckturner 👋 1.26 Release Docs shadow here. This enhancement is marked as Needs Docs for 1.26 release. Please follow the steps detailed in the documentation to open a PR against dev-1.26 branch in the k/website repo. This PR can be just a placeholder at this time. It must be created by November 9. For more information, take a look at Documenting for a release to familiarize yourself with the docs requirement for the release.

[enj]

/milestone v1.27

Pushing this out to next release as we are out of time in v1.26.

[rhockenbury]

/label tracked/no
/remove-label tracked/yes

[marosset]

Hello @nckturner 👋, Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PDT Thursday 9th February 2023.

This enhancement is targeting for stage alpha for v1.27 (correct me, if otherwise)

Here's where this enhancement currently stands:

• KEP readme using the latest template has been merged into the k/enhancements repo.
• KEP status is marked as implementable for latest-milestone: v1.27
• KEP readme has a updated detailed test plan section filled out
• KEP readme has up to date graduation criteria
• KEP has a production readiness review that has been completed and merged into k/enhancements.

For this KEP, we would just need to update the following:

• Update the latest-milestone and milestone.alpha in the kep.yaml to reflect a 1.27 alpha gradutaion

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well.
Thank you!

[marosset]

#3814

[marosset]

Hi @nckturner 👋,

Checking in as we approach 1.27 code freeze at 17:00 PDT on Tuesday 14th March 2023.

Please ensure the following items are completed:

• All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
• All PRs are fully merged by the code freeze deadline.

Please let me know if there are any PRs in k/k I should be tracking for this KEP.

As always, we are here to help should questions come up. Thanks!

[enj]

/milestone clear

We'll pick this back up next release.