Skip to content

Latest commit

 

History

History
163 lines (145 loc) · 14.3 KB

README.md

File metadata and controls

163 lines (145 loc) · 14.3 KB

Auth Special Interest Group

Covers improvements to Kubernetes authorization, authentication, and cluster security policy.

"All I want is a secure system where it's easy to do anything I want. Is that so much to ask?" - xkcd

The charter defines the scope and governance of the Auth Special Interest Group.

Meetings

Leadership

Chairs

The Chairs of the SIG run operations and processes governing the SIG.

Technical Leads

The Technical Leads of the SIG establish new subprojects, decommission existing subprojects, and resolve cross-subproject technical issues and decisions.

Emeritus Leads

Contact

Subprojects

The following subprojects are owned by sig-auth:

audit-logging

Kubernetes API support for audit logging.

authenticators

Kubernetes API support for authentication.

authorizers

Kubernetes API support for authorization.

certificates

Certificates APIs and client infrastructure to support PKI.

encryption-at-rest

API storage support for storing data encrypted at rest in etcd.

hierarchical-namespace-controller

Controller to manage hierarchical namespaces

multi-tenancy

Proposals and prototypes for introducing tenant model to enable multi-tenant cluster

node-identity-and-isolation

Node identity management (co-owned with sig-lifecycle), and authorization restrictions for isolating workloads on separate nodes (co-owned with sig-node).

policy-management

API validation and policies enforced during admission, such as PodSecurityPolicy. Excludes run-time policies like NetworkPolicy and Seccomp.

secrets-store-csi-driver

Integrates secrets stores with Kubernetes via a CSI volume.

service-accounts

Infrastructure implementing Kubernetes service account based workload identity.