History

Jordan Liggitt 099a722621 Generate		2022-01-27 15:58:10 -05:00
..
archive	Archive 2020 SIG-Auth meeting notes	2021-04-14 15:40:55 -07:00
CONTRIBUTING.md	update code as per review comments	2021-08-13 15:48:42 +05:30
OWNERS	Updated OWNERS files to include link to docs	2019-01-30 19:37:21 +01:00
README.md	Generate	2022-01-27 15:58:10 -05:00
annual-report-2020.md	Rename annual reports to match calendar year	2021-06-04 14:48:48 -04:00
annual-report-2021.md	Add annual report templates for 2021	2022-01-25 08:54:16 -08:00
charter.md	Rename Product Security Team to Committee	2019-03-04 11:47:21 -07:00

README.md

Auth Special Interest Group

Covers improvements to Kubernetes authorization, authentication, and cluster security policy.

"All I want is a secure system where it's easy to do anything I want. Is that so much to ask?" - xkcd

The charter defines the scope and governance of the Auth Special Interest Group.

Meetings

Joining the mailing list for the group will typically add invites for the following meetings to your calendar.

Regular SIG Meeting: Wednesdays at 11:00 PT (Pacific Time) (biweekly). Convert to your timezone.
- Meeting notes and Agenda.
- Meeting recordings.
Secrets Store CSI Meeting: Thursdays at 8:00 PT (Pacific Time) (biweekly). Convert to your timezone.
- Meeting notes and Agenda.
- Meeting recordings.

Leadership

Chairs

The Chairs of the SIG run operations and processes governing the SIG.

Mo Khan (@enj), VMware
Mike Danese (@mikedanese), Google
Rita Zhang (@ritazh), Microsoft

Technical Leads

The Technical Leads of the SIG establish new subprojects, decommission existing subprojects, and resolve cross-subproject technical issues and decisions.

David Eads (@deads2k), Red Hat
Jordan Liggitt (@liggitt), Google
Mike Danese (@mikedanese), Google

Emeritus Leads

Eric Chiang (@ericchiang)
Eric Tune (@erictune)
Tim Allclair (@tallclair)

Contact

Slack: #sig-auth
Mailing list
Open Community Issues/PRs
GitHub Teams:
- @kubernetes/sig-auth-api-reviews - API Changes and Reviews
- @kubernetes/sig-auth-bugs - Bug Triage and Troubleshooting
- @kubernetes/sig-auth-feature-requests - Feature Requests
- @kubernetes/sig-auth-misc - General Discussion
- @kubernetes/sig-auth-pr-reviews - PR Reviews
- @kubernetes/sig-auth-proposals - Design Proposals
- @kubernetes/sig-auth-test-failures - Test Failures and Triage
Steering Committee Liaison: Christoph Blecker (@cblecker)

Working Groups

The following working groups are sponsored by sig-auth:

Subprojects

The following subprojects are owned by sig-auth:

audit-logging

Kubernetes API support for audit logging.

Owners:

authenticators

Kubernetes API support for authentication.

Owners:

authorizers

Kubernetes API support for authorization.

Owners:

certificates

Certificates APIs and client infrastructure to support PKI.

Owners:

encryption-at-rest

API storage support for storing data encrypted at rest in etcd.

Owners:
- kubernetes/kubernetes/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig
- kubernetes/kubernetes/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt

hierarchical-namespace-controller

Controller to manage hierarchical namespaces

Owners:
- kubernetes-sigs/hierarchical-namespaces

multi-tenancy

Proposals and prototypes for introducing tenant model to enable multi-tenant cluster

Owners:
- kubernetes-sigs/multi-tenancy

node-identity-and-isolation

Node identity management (co-owned with sig-lifecycle), and authorization restrictions for isolating workloads on separate nodes (co-owned with sig-node).

Owners:

policy-management

API validation and policies enforced during admission, such as PodSecurityPolicy. Excludes run-time policies like NetworkPolicy and Seccomp.

Owners:

secrets-store-csi-driver

Integrates secrets stores with Kubernetes via a CSI volume.

Owners:
- kubernetes-sigs/secrets-store-csi-driver
Contact:
- Slack: #csi-secrets-store
- Mailing List

service-accounts

Infrastructure implementing Kubernetes service account based workload identity.

Owners: