-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Reduction of Secret-based Service Account Tokens #2799
Comments
/sig auth |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
Hi @zshihang , 1.24 Enhancements Lead here. Will this enhancement (both features) be in alpha for 1.24? |
LegacyServiceAccountTokenNoAutoGeneration would be beta in 1.24; LegacyServiceAccountTokenTracking and LegacyServiceAccountTokenCleanUp would be alpha in 1.24. |
Cross posted in PR
The status of this enhancement is track as |
@gracenng the linked PR has now merged. can you confirm this is in good shape for enhancements freeze? |
Thanks for the ping @liggitt . Updated status to |
Hi @zshihang 👋 1.24 Docs shadow here. This enhancement is marked as 'Needs Docs' for the 1.24 release. Please follow the steps detailed in the documentation to open a PR against the dev-1.24 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thu March 31, 11:59 PM PDT. Also, if needed take a look at Documenting for a release to familiarize yourself with the docs requirement for the release. Thanks! |
Hi @zshihang 1.24 Enhancements Team here, With Code Freeze approaching on 18:00 PDT Tuesday March 29th 2022, the enhancement status is |
updated description with code and docs PRs |
@liggitt Thanks for adding links to the docs PRs. Is that all the documentation required for this KEP in 1.24? |
the unchecked items represent work yet to be done |
Targeting promotion to stable in 1.30 |
Hello @zshihang 👋, Enhancements team here. Just checking in as we approach enhancements freeze on 02:00 UTC Friday 9th February 2024. This enhancement is targeting for stage Here's where this enhancement currently stands:
For this KEP, we would just need to update the following:
The status of this enhancement is marked as |
#4465 should address #2799 (comment) |
Thanks! Marking this KEP as |
Hi @liggitt, @zshihang 👋, 1.30 Docs Shadow here. Does this enhancement work planned for 1.30 require any new docs or modification to existing docs? Also, take a look at Documenting for a release to get yourself familiarize with the docs requirement for the release. Thank you! (At a minimum, please remember to update the feature flags to stable for this release ✨) |
👋 from the v1.30 Communications Team! We'd love for you to opt in to write a feature blog about your enhancement! We encourage blogs for features including, but not limited to: breaking changes, features and changes important to our users, and features that have been in progress for a long time and are graduating. To opt in, you need to open a Feature Blog placeholder PR against the website repository. |
We'll need a stability version bumping PR at a minimum. Thanks! |
Thank you for the reminder, @chanieljdan! I opened kubernetes/website#45253 for the stability version bumping up. |
Are there any code changes expected for v1.30 (eg: changing some feature gates from beta to stable)? I see a docs PR but no code change. |
Just the gate promotion in kubernetes/kubernetes#122635 |
Hey again @zshihang 👋 v1.30 Enhancements team here, Just checking in as we approach code freeze at 02:00 UTC Wednesday 6th March 2024 . Here's where this enhancement currently stands:
For this enhancement, with below PRs merged as per the issue description, this enhancement is now marked as tracked for code freeze for the 1.30 Code Freeze! 🚀 Also, please let me know if there are other PRs in k/k we should be tracking for this KEP. As always, we are here to help if any questions come up. Thanks! |
Hi @sreeram-venkitesh, the PR kubernetes/website#45253 is now open for the doc change. Thank you! |
KEP marked as implemented / stable in 1.30 /close |
@liggitt: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Ideally, this feature should not clean up the manually created legacy service account token. But only clean up the auto-generated ones. |
Right, when the manually created service account is correctly used, it will not be cleaned by this cleaner: https://kubernetes.io/docs/reference/access-authn-authz/service-accounts-admin/#:~:text=you%20just%20created.-,Caution%3A,-Do%20not%20reference |
Enhancement Description
One-line enhancement description: reduce secret-based service account tokens
Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/2799-reduction-of-secret-based-service-account-token
Discussion Link: sig-auth
Primary contact (assignee): @zshihang, @yt2985
Responsible SIGs: sig-auth
Enhancement target (which target equals to which milestone):
1.24
k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update PR(s):1.25
k/enhancements
) update PR(s):1.26
k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update(s):1.27
k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update(s):1.28
k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update(s):1.29
k/enhancements
) update PR(s):k/k
) update PR(s):k/website
) update(s):The text was updated successfully, but these errors were encountered: