@munnerz munnerz commented Oct 22, 2024

Description

Adds additional information on handling bound service account tokens, including details on external validation, as per KEP 4193.

Issue

kubernetes/enhancements#4193

/cc @liggitt

@k8s-ci-robot k8s-ci-robot requested a review from liggitt October 22, 2024 14:07
@k8s-ci-robot k8s-ci-robot added this to the 1.32 milestone Oct 22, 2024
@k8s-ci-robot k8s-ci-robot added language/en Issues or PRs related to English language cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Oct 22, 2024
@munnerz munnerz changed the title Update ServiceAccount admin docs with additional info on bound tokens KEP-4193: Update ServiceAccount admin docs with additional info on bound tokens Oct 22, 2024
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Oct 22, 2024

netlify bot commented Oct 22, 2024

👷 Deploy Preview for kubernetes-io-vnext-staging processing.

Name Link
🔨 Latest commit 4ef8669
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-io-vnext-staging/deploys/67460ed8a24e4e00081145e4


netlify bot commented Oct 22, 2024

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit 4ef8669
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-io-main-staging/deploys/67460ed8f736e20008bd4889
😎 Deploy Preview https://deploy-preview-48495--kubernetes-io-main-staging.netlify.app

@dipesh-rawat
Member

/sig auth

```json
{
"aud": [
"https://kubernetes.default.svc.cluster.local"
```

make it clear with a comment that this is an example and can vary from cluster to cluster, and from token to token (you can switch the formatting type to yaml and add # comments that will get formatted nicely) (or better yet, make this clearly a dummy value like https://my-audience.example.com)

```json
],
"exp": 1729605240,
"iat": 1729601640,
"iss": "https://kubernetes.default.svc.cluster.local",
```

same comment that this is an example and can vary from cluster to cluster (or better yet, make this clearly a dummy value like https://my-cluster.example.com)

@chanieljdan
Contributor

Hi @munnerz 👋 could we take a look at the unaddressed comments above ahead of tomorrow's docs freeze? The deadline for docs is tomorrow at 18:00 PDT. Thanks!

@munnerz
Member Author

munnerz commented Nov 26, 2024

Comments addressed, PTAL :)

@natalisucks
Contributor

@kubernetes/sig-auth-leads I know Jordan has re-reviewed this a couple of hours ago, so as an FYI we'll need a tech LGTM as an outcome here. @munnerz PTAL at Jordan's further comments and we'll have SIG Docs eyes on this soon

@liggitt
Member

liggitt commented Nov 26, 2024

/lgtm
for technical content

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 26, 2024
@k8s-ci-robot
Contributor

LGTM label has been added.

Git tree hash: f96dccb80d77593357de9e43d8f88a3010a4d222

@natalisucks
Contributor

/approve

@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: natalisucks


@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 26, 2024
@k8s-ci-robot k8s-ci-robot merged commit ee231f7 into kubernetes:dev-1.32 Nov 26, 2024
6 checks passed
@munnerz munnerz deleted the kep-4193-132-ga branch November 27, 2024 16:13