History

Pravar Agrawal 47a20fdcd3 update code as per review comments		2021-08-13 15:48:42 +05:30
..
archive	Archive 2020 SIG-Auth meeting notes	2021-04-14 15:40:55 -07:00
CONTRIBUTING.md	update code as per review comments	2021-08-13 15:48:42 +05:30
OWNERS	Updated OWNERS files to include link to docs	2019-01-30 19:37:21 +01:00
README.md	sig-auth: add pod-security-admission repo	2021-05-21 09:52:44 +05:30
annual-report-2020.md	Rename annual reports to match calendar year	2021-06-04 14:48:48 -04:00
charter.md	Rename Product Security Team to Committee	2019-03-04 11:47:21 -07:00

README.md

Auth Special Interest Group

Covers improvements to Kubernetes authorization, authentication, and cluster security policy.

"All I want is a secure system where it's easy to do anything I want. Is that so much to ask?" - xkcd

The charter defines the scope and governance of the Auth Special Interest Group.

Meetings

Regular SIG Meeting: Wednesdays at 11:00 PT (Pacific Time) (biweekly). Convert to your timezone.
- Meeting notes and Agenda.
- Meeting recordings.
Secrets Store CSI Meeting: Thursdays at 8:00 PT (Pacific Time) (biweekly). Convert to your timezone.
- Meeting notes and Agenda.
- Meeting recordings.

Leadership

Chairs

The Chairs of the SIG run operations and processes governing the SIG.

Mo Khan (@enj), VMware
Mike Danese (@mikedanese), Google
Rita Zhang (@ritazh), Microsoft

Technical Leads

The Technical Leads of the SIG establish new subprojects, decommission existing subprojects, and resolve cross-subproject technical issues and decisions.

David Eads (@deads2k), Red Hat
Jordan Liggitt (@liggitt), Google
Mike Danese (@mikedanese), Google

Emeritus Leads

Eric Chiang (@ericchiang)
Eric Tune (@erictune)
Tim Allclair (@tallclair)

Contact

Slack: #sig-auth
Mailing list
Open Community Issues/PRs
GitHub Teams:
- @kubernetes/sig-auth-api-reviews - API Changes and Reviews
- @kubernetes/sig-auth-bugs - Bug Triage and Troubleshooting
- @kubernetes/sig-auth-feature-requests - Feature Requests
- @kubernetes/sig-auth-misc - General Discussion
- @kubernetes/sig-auth-pr-reviews - PR Reviews
- @kubernetes/sig-auth-proposals - Design Proposals
- @kubernetes/sig-auth-test-failures - Test Failures and Triage
Steering Committee Liaison: Christoph Blecker (@cblecker)

Subprojects

The following subprojects are owned by sig-auth:

audit-logging

Kubernetes API support for audit logging.

Owners:

authenticators

Kubernetes API support for authentication.

Owners:

authorizers

Kubernetes API support for authorization.

Owners:

certificates

Certificates APIs and client infrastructure to support PKI.

Owners:

encryption-at-rest

API storage support for storing data encrypted at rest in etcd.

Owners:
- kubernetes/kubernetes/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig
- kubernetes/kubernetes/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt

hierarchical-namespace-controller

Controller to manage hierarchical namespaces

Owners:
- kubernetes-sigs/hierarchical-namespaces

multi-tenancy

Proposals and prototypes for introducing tenant model to enable multi-tenant cluster

Owners:
- kubernetes-sigs/multi-tenancy

node-identity-and-isolation

Node identity management (co-owned with sig-lifecycle), and authorization restrictions for isolating workloads on separate nodes (co-owned with sig-node).

Owners:

policy-management

API validation and policies enforced during admission, such as PodSecurityPolicy. Excludes run-time policies like NetworkPolicy and Seccomp.

Owners:

secrets-store-csi-driver

Integrates secrets stores with Kubernetes via a CSI volume.

Owners:
- kubernetes-sigs/secrets-store-csi-driver
Contact:
- Slack: #csi-secrets-store
- Mailing List

service-accounts

Infrastructure implementing Kubernetes service account based workload identity.

Owners: