Enhancement Description
- One-line enhancement description (can be used as a release note): Add new API surface to control and track how supplemental groups are applied in the container.
- Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/3619-supplemental-groups-policy
- Discussion Link: Can bypass `PodSecurityContext.SupplementalGroups` by custom container image although PSP (or other policy engines) enforces the field kubernetes#112879
- Primary contact (assignee): @everpeace
- Responsible SIGs: sig-node
- Enhancement target (which target equals to which milestone):
  - Alpha release target (x.y): 1.31
  - Beta release target (x.y): 1.33
  - Stable release target (x.y):
- Alpha: v1.31
  - KEP (`k/enhancements`) update PR(s):
    - KEP-3169: Fine-grained SupplementalGroups control #3620
    - KEP-3619: update Test Plan and Graduation Criteria for KEP freeze #3862
    - KEP-3619: Cleanup After Freeze #3874
    - KEP-3619: update the latest milestone to v1.31 #4628
    - KEP-3619: Add `SupplementalGroupsPolicy` feature fields in Kubernetes API(`Node.Status`) and CRI(`RuntimeStatusResponse`) #4728
  - Code (`k/k`) update PR(s):
  - Docs (`k/website`) update PR(s):
  - containerd (optional):
  - CRI-O (optional):
  - cri-tools (optional):
- Beta: v1.33
  - KEP (`k/enhancements`) update PR(s):
  - Code (`k/k`) update PR(s):
  - Docs (`k/website`) update(s):
  - cri-tools (optional)
Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.
/assign
/sig node
/kind feature