harden the default RBAC discovery clusterrolebindings #789
Description
Enhancement Description
- One-line enhancement description (can be used as a release note): Remove discovery from the set of APIs which allow for unauthenticated access by default, improving privacy for CRDs and the default security posture of default clusters in general.
- Primary contact (assignee): @dekkagaijin
- Responsible SIGs: sig-auth, sig-api-machinery
- Design proposal link (community repo): https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/0034-20190123-harden-default-discovery-bindings.md
- Link to e2e and/or unit tests: https://github.com/kubernetes/kubernetes/pull/73807/files#diff-10a6ed7aab30ba9661f23a9b9b542e38
- Reviewer(s) - (for LGTM) recommend having 2+ reviewers (at least one from code-area OWNERS file) agreed to review. Reviewers from multiple companies preferred: @liggitt, @deads2k
- Approver (likely from SIG/area to which enhancement belongs): @liggitt
- Enhancement target (which target equals to which milestone):
- Alpha, Beta, Stable release target (1.14)