sig-auth charter (v2) #2431
sig-auth/charter.md
Outdated
SIG Auth is responsible for the design, implementation, and maintenance of features in | ||
Kubernetes that control and protect access to the API and other core components. This includes | ||
authentication and authorization, but also encompasses features like auditing and some policy | ||
(see below). |
@liggitt @mikedanese - This is the only piece that isn't copied from the scope we discussed. PTAL
/assign @liggitt
/committee steering
This looks great to me. Appropriately scoped and on topic with what the SIG has traditionally been doing. One nitpick and a call out to define subprojects (perhaps in a different PR)
sig-auth/charter.md
Outdated
|
||
#### Code, Binaries and Services | ||
|
||
- Kubernetes authentication, authorization, audit and policy features. Examples include: |
s/policy/security policy/? How does this overlap with other policy aspects? Or do you think that it doesn't?
Done. We actually were going to change that to security policy, but I guess that change got lost.
I agree this is a fuzzy area, and the policy scope of sig-auth isn't super well defined. I think that is partly because most policy features are cross-cutting. For example, PodSecurityPolicy should really be co-owned by sig-auth & sig-node. SchedulingPolicy should be sig-auth & sig-scheduling. Network policy is probably just sig-networking, since it's only a runtime policy (comparable to PodSecurityContext).
I see our (sig-auth) role around policy as:
- helping to drive consistency across policies (really co-owned with wg-policy)
- owning the policy primitives & mechanisms (co-owned with api-machinery)
- ensuring that important use cases are covered by the existing authorization & policy mechanisms
Does this make sense? I can try to distill this into our scope if we all agree.
This sig follows adheres to the Roles and Organization Management outlined in [sig-governance] | ||
and opts-in to updates and modifications to [sig-governance]. | ||
|
||
### Subproject Creation |
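Review bot: In the first line of this hunk, "This sig follows adheres to" doubles the verb; keep one of them, for example "This sig adheres to the Roles and Organization Management outlined in [sig-governance]". On the second line, "opts-in" is used as a verb and should be written "opts in".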
Can be done in a different PR, but there are no subprojects defined for SIG-auth in sigs.yaml. How are y'all thinking about breaking this down into smaller chunks?
Enumerating those is in progress in https://docs.google.com/document/d/1RJvnSPOJ3JC61gerCpCpaCtzQjRcsZ2tXkcyokr6sLY
A follow up to this PR would transfer those into sigs.yaml
opened #2505
6a829d5 to 41a8955
looks great. thank you!
/lgtm
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: michelleN
Thank you!
Add a sig-auth charter, based on the sig-charter-template.
The first attempt at our charter is in #2000.
Co-authored by: @liggitt @mikedanese @tallclair
/sig auth