Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SIG Auth 2021 Annual Report #5740

Merged
merged 4 commits into from
May 5, 2021
Merged

SIG Auth 2021 Annual Report #5740

merged 4 commits into from
May 5, 2021

Conversation

ritazh
Copy link
Member

@ritazh ritazh commented Apr 23, 2021

Which issue(s) this PR fixes:

Fixes #5497

/assign @enj @mikedanese @liggitt @deads2k @tallclair

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Apr 23, 2021
@k8s-ci-robot k8s-ci-robot requested review from deads2k and enj April 23, 2021 05:16
@k8s-ci-robot k8s-ci-robot added the sig/auth Categorizes an issue or PR as relevant to SIG Auth. label Apr 23, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ritazh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 23, 2021
liggitt
liggitt reviewed Apr 23, 2021
View reviewed changes
sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
tallclair
tallclair reviewed Apr 29, 2021
View reviewed changes
Copy link
Member

@tallclair tallclair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @ritazh

sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md
**What areas and/or subprojects does the group need the most help with?**

- PSP v2
- Audit Logging
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are some smaller feature requests & issues related to audit logging, but I'm not sure how much work the core auditing system needs right now. I'd still be interested in seeing an out-of-tree implementation of dynamic auditing or a namespaced audit server.

Copy link
Member Author

@ritazh ritazh Apr 29, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @tallclair! Do you have a link so people who may want to help out will know where to start? How about these: https://github.com/kubernetes/kubernetes/issues?q=is%3Aopen+is%3Aissue+label%3Asig%2Fauth+%22audit+logging%22

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 to add the link please

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would explicitly highlight kubernetes/kubernetes#82295, as it's something I really want to see.

Then generally: https://github.com/kubernetes/kubernetes/issues?q=is%3Aopen+is%3Aissue+label%3Aarea%2Faudit+

sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
ritazh
ritazh commented Apr 29, 2021
View reviewed changes
sig-auth/annual-report-2021.md
- PSP v2
- Audit Logging
- Audit ID
- Testing
Copy link
Member Author

@ritazh ritazh Apr 29, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have any issues we can link here that outline what is missing today? @tallclair @mikedanese @liggitt @enj

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes please!

Copy link
Member

@enj enj May 4, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The main thing I am aware of is the testing work that @ankeesler has been doing for client-go auth plugins.

xref: kubernetes/enhancements#541 (comment)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ya, the mature surface is pretty well covered. Maybe kubelet auth in e2e tests?

@ritazh
address review comments
8e2efbd 
Signed-off-by: Rita Zhang <[email protected]>
@parispittman parispittman mentioned this pull request May 3, 2021
Closed
28 tasks
enj
enj reviewed May 4, 2021
View reviewed changes
Copy link
Member

@enj enj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor comments.

sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md Show resolved Hide resolved
sig-auth/annual-report-2021.md
- PSP v2
- Audit Logging
- Audit ID
- Testing
Copy link
Member

@enj enj May 4, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The main thing I am aware of is the testing work that @ankeesler has been doing for client-go auth plugins.

xref: kubernetes/enhancements#541 (comment)

tallclair
tallclair reviewed May 4, 2021
View reviewed changes
sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
sig-auth/annual-report-2021.md
**What areas and/or subprojects does the group need the most help with?**

- PSP v2
- Audit Logging
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would explicitly highlight kubernetes/kubernetes#82295, as it's something I really want to see.

Then generally: https://github.com/kubernetes/kubernetes/issues?q=is%3Aopen+is%3Aissue+label%3Aarea%2Faudit+

@ritazh
address review comments
2dc042f 
Signed-off-by: Rita Zhang <[email protected]>
tallclair
tallclair reviewed May 4, 2021
View reviewed changes
Copy link
Member

@tallclair tallclair left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

sig-auth/annual-report-2021.md Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 4, 2021
@tallclair
Copy link
Member

/hold
for others

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label May 4, 2021
@enj
Copy link
Member

enj commented May 4, 2021

/lgtm

@ritazh
address review comments
770af02 
Signed-off-by: Rita Zhang <[email protected]>
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 5, 2021
@mikedanese
Copy link
Member

/lgtm
/hold cancel

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. and removed do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. labels May 5, 2021
@k8s-ci-robot k8s-ci-robot merged commit b9aa098 into kubernetes:master May 5, 2021
@ritazh ritazh mentioned this pull request Feb 15, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tallclair tallclair tallclair left review comments

@enj enj enj left review comments

@mikedanese mikedanese mikedanese left review comments

@liggitt liggitt liggitt left review comments

@dims dims dims left review comments

@deads2k deads2k Awaiting requested review from deads2k

Assignees

@liggitt liggitt

@mikedanese mikedanese

@enj enj

@deads2k deads2k

@tallclair tallclair

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
SIG Auth
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

2021 Annual Report: SIG Auth
8 participants
@ritazh @k8s-ci-robot @tallclair @enj @mikedanese @dims @liggitt @deads2k