Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KEP-4872: Harden Kubelet serving cert validation #4911

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

KEP-4872: Harden Kubelet serving cert validation #4911

wants to merge 2 commits into from

Conversation

g-gaston
Copy link

@g-gaston g-gaston commented Oct 9, 2024

  • One-line PR description: Add first version of doc
  • Other comments: I left a few TODOs with things I think can use a discussion.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Oct 9, 2024
@k8s-ci-robot k8s-ci-robot added kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory sig/auth Categorizes an issue or PR as relevant to SIG Auth. labels Oct 9, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: g-gaston
Once this PR has been reviewed and has the lgtm label, please assign ritazh for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Oct 9, 2024
@g-gaston g-gaston changed the title KEP-4872: Add Harden Kubelet serving cert validation KEP-4872: Harden Kubelet serving cert validation Oct 9, 2024
sftim
sftim reviewed Oct 10, 2024
View reviewed changes
keps/sig-auth/4872-harden-kubelet-cert-validation/kep.yaml
# The following PRR answers are required at alpha release
# List the feature gate name and the components for which it must be enabled
feature-gates:
- name: KubeletCertCNValidation
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about: NodeCertificateNameValidation?

The API server is verifying a certificate presented by a node, whatever software that node is running (which, OK, is very likely to be kubelet).

@g-gaston @sftim
Update keps/sig-auth/4872-harden-kubelet-cert-validation/kep.yaml
16c59e6 
Co-authored-by: Tim Bannister <tim@scalefactory.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sftim sftim sftim left review comments

@mikedanese mikedanese Awaiting requested review from mikedanese

@ritazh ritazh Awaiting requested review from ritazh

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
SIG Auth
Status: KEP Backlog
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@g-gaston @k8s-ci-robot @sftim