You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: keps/sig-auth/4193-bound-service-account-token-improvements/README.md
+7-6Lines changed: 7 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -54,9 +54,9 @@ Items marked with (R) are required *prior to targeting to a milestone / release*
54
54
-[ ] (R) Minimum Two Week Window for GA e2e tests to prove flake free
55
55
-[x] (R) Graduation criteria is in place
56
56
-[ ] (R) [all GA Endpoints](https://github.com/kubernetes/community/pull/1806) must be hit by [Conformance Tests](https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/conformance-tests.md)
57
-
-[] (R) Production readiness review completed
58
-
-[] (R) Production readiness review approved
59
-
-[] "Implementation History" section is up-to-date for milestone
57
+
-[x] (R) Production readiness review completed
58
+
-[x] (R) Production readiness review approved
59
+
-[x] "Implementation History" section is up-to-date for milestone
60
60
-[ ] User-facing documentation has been created in [kubernetes/website], for publication to [kubernetes.io]
61
61
-[ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
62
62
@@ -494,7 +494,7 @@ New metrics that can be used to identify if the feature is in use:
494
494
495
495
###### Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?
**For `ServiceAccountTokenPodNodeInfo` feature (alpha v1.29, beta v1.30, GA v1.32):**
533
533
534
534
*Without* the feature gate enabled, tokens that are bound to Pod objects will not include information about the Node
535
535
that the pod is scheduled/assigned to.
@@ -699,6 +699,7 @@ For example, attempting to issue a node bound token, or attempting to authentica
699
699
* Added restrictions to disallow enabling `ServiceAccountTokenNodeBinding` without `ServiceAccountTokenNodeBindingValidation`: https://github.com/kubernetes/kubernetes/pull/123135
700
700
*`ServiceAccountTokenJTI`, `ServiceAccountTokenNodeBindingValidation` and `ServiceAccountTokenPodNodeInfo` promoted to beta for v1.30 release
701
701
* Promoted `ServiceAccountTokenNodeBinding` promoted to beta for v1.31 release
702
+
* Promoted `ServiceAccountTokenJTI`, `ServiceAccountTokenPodNodeInfo`, `ServiceAccountTokenNodeBindingValidation` to stable for v1.32 release
702
703
703
704
<!--
704
705
Major milestones in the lifecycle of a KEP should be tracked in this section.
0 commit comments