Bound service account token improvements

[enj]

Enhancement Description

• One-line enhancement description (can be used as a release note): Bound service account token improvements
• Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/4193-bound-service-account-token-improvements/
• Discussion Link: Discussion Link: 2023-08-16 2023-08-02
• Primary contact (assignee): @enj
• Responsible SIGs: Auth
• Enhancement target (which target equals to which milestone):
  • Alpha release target (x.y): v1.29
  • Beta release target (x.y):
  • Stable release target (x.y):
• Alpha
  • KEP (k/enhancements) update PR(s): KEP-4193: bound service account token improvements #4141
  • Code (k/k) update PR(s): Including JTI & node reference in issued service account tokens (kep 4193) kubernetes#120780
  • Docs (k/website) update PR(s): KEP-4193: bound service account token improvements website#43958

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

[sreeram-venkitesh]

Hello @enj 👋, v1.29 Enhancements team here.

Just checking in as we approach enhancements freeze on 01:00 UTC, Friday, 6th October, 2023.

This enhancement is targeting for stage alpha for v1.29 (correct me, if otherwise)

Here's where this enhancement currently stands:

• KEP readme using the latest template has been merged into the k/enhancements repo.
• KEP status is marked as implementable for latest-milestone: 1.29. KEPs targeting stable will need to be marked as implemented after code PRs are merged and the feature gates are removed.
• KEP readme has up-to-date graduation criteria
• KEP has a production readiness review that has been completed and merged into k/enhancements. (For more information on the PRR process, check here).

For this KEP, everything seems to be done in #4141. Please make sure that the PR is merged in time.

The status of this enhancement is marked as at risk for enhancement freeze. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

[sreeram-venkitesh]

Hi @enj, checking in once more as we approach the 1.29 enhancement freeze deadline on 01:00 UTC Friday, 6th October 2023. The status of this enhancement is marked as at risk. It looks like #4141 will address all of the requirements. Please make sure that the changes are merged in time. Let me know if I missed anything. Thanks!

[liggitt]

@sreeram-venkitesh #4141 is now merged. Can you confirm requirements for 1.29 enhancements freeze are met? Thanks!

[sreeram-venkitesh]

@liggitt Thanks for the ping! Yes all the requirements for the enhancements freeze are met. Updating status to Tracked for enhancements freeze.

[katcosgrove]

Hey there @enj @liggitt and @munnerz! 👋, v1.29 Docs Lead here.
Does this enhancement work planned for v1.29 require any new docs or modification to existing docs?
If so, please follows the steps here to open a PR against dev-1.29 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thursday, 19 October 2023.
Also, take a look at Documenting for a release to get yourself familiarize with the docs requirement for the release.
Thank you!

[katcosgrove]

Hi again @munnerz @enj and @liggitt! The deadline to open a placeholder PR against k/website for required documentation is this Thursday, 19 October. Could you please update me on the status of docs for this enhancement? Thank you!

[munnerz]

Placeholder PR: kubernetes/website#43590

Please let me know if anything more is needed at this time! Thanks :)

[James-Quigley]

Hi @enj 👋 from the v1.29 Communications Release Team! We would like to check if you have any plans to publish blogs for this KEP regarding new features, removals, and deprecations for this release.
If so, you need to open a PR placeholder in the website repository.
The deadline will be on Tuesday 14th November 2023 (after the Docs deadline PR ready for review)
Here's the 1.29 Calendar

[sreeram-venkitesh]

Hey again @enj @munnerz 👋 v1.29 Enhancements team here,

Just checking in as we approach code freeze at 01:00 UTC Wednesday 1st November 2023 .

Here's where this enhancement currently stands:

• All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
• All PR/s are ready to be merged (they have approved and lgtm labels applied) by the code freeze deadline. This includes tests.

The status of this KEP is currently at risk for Code Freeze. Please let me know if there are other PRs in k/k we should be tracking for this KEP.

As always, we are here to help if any questions come up. Thanks!

[sreeram-venkitesh]

Hello @enj @munnerz 👋, 1.29 Enhancements team here.

With all the implementation(code related) PRs merged as per the issue description, this enhancement is now marked as tracked for code freeze for the 1.29 Code Freeze! 🚀 Are there any other PRs other than the following ones? If there are any other PRs that needs to be tracked, please let us know. Also please update the issue description with the following PRs:

• Including JTI & node reference in issued service account tokens (kep 4193) kubernetes#120780

The test freeze is 01:00 UTC Wednesday 15th November 2023 / 18:00 PDT Tuesday 14th November 2023. Please make sure all test PRs are merged in by then.

Please let me know if there are additional test PRs we should track. Thanks!

[liggitt]

docs PR reviewed by sig-auth reviewer, ready for docs review at kubernetes/website#43958