community/sig-auth/annual-report-2023.md

2023 Annual Report: SIG Auth

Current initiatives and Project Health

1. What work did the SIG do this year that should be highlighted?

2. Are there any areas and/or subprojects that your group needs help with (e.g. fewer than 2 active OWNERS)?

3. Did you have community-wide updates in 2023 (e.g. KubeCon talks)?

4. KEP work in 2023 (v1.27, v1.28, v1.29):

• Alpha

  • 2718 - Client Executable Proxy - v1.27
  • 3221 - Structured Authorization Configuration - v1.29
  • 3257 - Cluster Trust Bundles - v1.29
  • 3331 - Structured authentication config - v1.29
  • 3766 - Move ReferenceGrant to sig-auth API Group - v1.27
  • 3926 - Handling undecryptable resources - v1.29
  • 4193 - bound service account token improvements - v1.29

• Stable

  • 3299 - KMS v2 Improvements - v1.29
  • 3325 - Review attibutes of a current user - v1.28

Subprojects

Retired in 2023:

• multi-tenancy Continuing:
• audit-logging
• authenticators
• authorizers
• certificates
• encryption-at-rest
• hierarchical-namespace-controller
• node-identity-and-isolation
• policy-management
• secrets-store-csi-driver
• service-accounts
• sig-auth-tools

Working groups

Retired in 2023:

• Multitenancy Continuing:
• Policy

Operational

Operational tasks in sig-governance.md:

• README.md reviewed for accuracy and updated if needed
• CONTRIBUTING.md reviewed for accuracy and updated if needed
• Other contributing docs (e.g. in devel dir or contributor guide) reviewed for accuracy and updated if needed
• Subprojects list and linked OWNERS files in sigs.yaml reviewed for accuracy and updated if needed
• SIG leaders (chairs, tech leads, and subproject leads) in sigs.yaml are accurate and active, and updated if needed
• Meeting notes and recordings for 2023 are linked from README.md and updated/uploaded if needed