kubernetes
/
community
mirror of https://github.com/kubernetes/community.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
community/sig-auth/README.md

160 lines
11 KiB
Markdown
Raw Blame History

<!---
This is an autogenerated file!
Please do not edit this file directly, but instead make changes to the
sigs.yaml file in the project root.
To understand how this file is generated, see https://git.k8s.io/community/generator/README.md
--->
# Auth Special Interest Group
Covers improvements to Kubernetes authorization, authentication, and cluster security policy.
"All I want is a secure system where it's easy to do anything I want. Is that so much to ask?" - [xkcd](https://xkcd.com/2044 "xkcd")
The [charter](charter.md) defines the scope and governance of the Auth Special Interest Group.
## Meetings
* Regular SIG Meeting: [Wednesdays at 11:00 PT (Pacific Time)](https://zoom.us/j/264572674) (biweekly). [Convert to your timezone](http://www.thetimezoneconverter.com/?t=11:00&tz=PT%20%28Pacific%20Time%29).
* [Meeting notes and Agenda](https://docs.google.com/document/d/1woLGRoONE3EBVx-wTb4pvp4CI7tmLZ6lS26VTbosLKM/edit#).
* [Meeting recordings](https://www.youtube.com/playlist?list=PL69nYSiGNLP0VMOZ-V7-5AchXTHAQFzJw).
* Secrets Store CSI Meeting: [Thursdays at 8:00 PT (Pacific Time)](https://zoom.us/j/91272289538) (biweekly). [Convert to your timezone](http://www.thetimezoneconverter.com/?t=8:00&tz=PT%20%28Pacific%20Time%29).
* [Meeting notes and Agenda](https://docs.google.com/document/d/1q74nboAg0GSPcom3kLWCIoWg43Qg3mr306KNL58f2hg/edit#).
* [Meeting recordings](https://www.youtube.com/playlist?list=PL69nYSiGNLP0PCFJrlpV6_nR_j_3RtnwI).
## Leadership
### Chairs
The Chairs of the SIG run operations and processes governing the SIG.
* Mo Khan (**[@enj](https://github.com/enj)**), VMware
* Mike Danese (**[@mikedanese](https://github.com/mikedanese)**), Google
* Tim Allclair (**[@tallclair](https://github.com/tallclair)**), Apple
### Technical Leads
The Technical Leads of the SIG establish new subprojects, decommission existing
subprojects, and resolve cross-subproject technical issues and decisions.
* David Eads (**[@deads2k](https://github.com/deads2k)**), Red Hat
* Jordan Liggitt (**[@liggitt](https://github.com/liggitt)**), Google
* Mike Danese (**[@mikedanese](https://github.com/mikedanese)**), Google
## Emeritus Leads
* Eric Chiang (**[@ericchiang](https://github.com/ericchiang)**)
* Eric Tune (**[@erictune](https://github.com/erictune)**)
## Contact
- Slack: [#sig-auth](https://kubernetes.slack.com/messages/sig-auth)
- [Mailing list](https://groups.google.com/forum/#!forum/kubernetes-sig-auth)
- [Open Community Issues/PRs](https://github.com/kubernetes/community/labels/sig%2Fauth)
- GitHub Teams:
- [@kubernetes/sig-auth-api-reviews](https://github.com/orgs/kubernetes/teams/sig-auth-api-reviews) - API Changes and Reviews
- [@kubernetes/sig-auth-bugs](https://github.com/orgs/kubernetes/teams/sig-auth-bugs) - Bug Triage and Troubleshooting
- [@kubernetes/sig-auth-feature-requests](https://github.com/orgs/kubernetes/teams/sig-auth-feature-requests) - Feature Requests
- [@kubernetes/sig-auth-misc](https://github.com/orgs/kubernetes/teams/sig-auth-misc) - General Discussion
- [@kubernetes/sig-auth-pr-reviews](https://github.com/orgs/kubernetes/teams/sig-auth-pr-reviews) - PR Reviews
- [@kubernetes/sig-auth-proposals](https://github.com/orgs/kubernetes/teams/sig-auth-proposals) - Design Proposals
- [@kubernetes/sig-auth-test-failures](https://github.com/orgs/kubernetes/teams/sig-auth-test-failures) - Test Failures and Triage
- Steering Committee Liaison: Christoph Blecker (**[@cblecker](https://github.com/cblecker)**)
## Subprojects
The following [subprojects][subproject-definition] are owned by sig-auth:
### audit-logging
Kubernetes API support for audit logging.
- **Owners:**
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/api/auditregistration/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/pkg/apis/audit/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/pkg/audit/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/plugin/pkg/audit/OWNERS
### authenticators
Kubernetes API support for authentication.
- **Owners:**
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/apis/authentication/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/kubeapiserver/authenticator/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/registry/authentication/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/plugin/pkg/auth/authenticator/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/api/authentication/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/pkg/authentication/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/plugin/pkg/authenticator/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/kubernetes/typed/authentication/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/listers/authentication/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/pkg/apis/clientauthentication/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/plugin/pkg/client/auth/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/tools/auth/OWNERS
### authorizers
Kubernetes API support for authorization.
- **Owners:**
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/apis/authorization/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/apis/rbac/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/kubeapiserver/authorizer/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/kubectl/cmd/auth/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/registry/authorization/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/registry/rbac/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/plugin/pkg/auth/authorizer/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/api/authorization/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/api/rbac/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/pkg/authorization/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/plugin/pkg/authorizer/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/kubernetes/typed/authorization/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/kubernetes/typed/rbac/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/listers/authorization/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/listers/rbac/OWNERS
### certificates
Certificates APIs and client infrastructure to support PKI.
- **Owners:**
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/apis/certificates/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/controller/certificates/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/registry/certificates/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/pkg/authentication/request/x509/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/util/cert/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/client-go/util/certificate/OWNERS
### encryption-at-rest
API storage support for storing data encrypted at rest in etcd.
- **Owners:**
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/pkg/server/options/encryptionconfig/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/apiserver/pkg/storage/value/encrypt/OWNERS
### multi-tenancy
Proposals and prototypes for introducing tenant model to enable multi-tenant cluster
- **Owners:**
- https://raw.githubusercontent.com/kubernetes-sigs/multi-tenancy/master/OWNERS
### node-identity-and-isolation
Node identity management (co-owned with sig-lifecycle), and authorization restrictions for isolating workloads on separate nodes (co-owned with sig-node).
- **Owners:**
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/controller/certificates/approver/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/kubelet/certificate/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/plugin/pkg/admission/noderestriction/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/plugin/pkg/auth/authorizer/node/OWNERS
### policy-management
API validation and policies enforced during admission, such as PodSecurityPolicy. Excludes run-time policies like NetworkPolicy and Seccomp.
- **Owners:**
- https://raw.githubusercontent.com/kubernetes-sigs/wg-policy-prototypes/master/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/apis/imagepolicy/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/apis/policy/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/registry/policy/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/security/podsecuritypolicy/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/plugin/pkg/admission/imagepolicy/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/plugin/pkg/admission/security/podsecuritypolicy/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/api/imagepolicy/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/staging/src/k8s.io/api/policy/OWNERS
### secrets-store-csi-driver
Integrates secrets stores with Kubernetes via a CSI volume.
- **Owners:**
- https://raw.githubusercontent.com/kubernetes-sigs/secrets-store-csi-driver/master/OWNERS
- **Contact:**
- Slack: [#csi-secrets-store](https://kubernetes.slack.com/messages/csi-secrets-store)
- [Mailing List](https://groups.google.com/forum/#!forum/kubernetes-secrets-store-csi-driver)
### service-accounts
Infrastructure implementing Kubernetes service account based workload identity.
- **Owners:**
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/controller/serviceaccount/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/kubelet/token/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/pkg/serviceaccount/OWNERS
- https://raw.githubusercontent.com/kubernetes/kubernetes/master/plugin/pkg/admission/serviceaccount/OWNERS
[subproject-definition]: https://github.com/kubernetes/community/blob/master/governance.md#subprojects
<!-- BEGIN CUSTOM CONTENT -->
<!-- END CUSTOM CONTENT -->
Reference in New Issue View Git Blame Copy Permalink