Merge pull request kubernetes#3393 from liggitt/2799

k8s-ci-robot · web-flow · commit ac4912467645 · 2022-06-14T09:01:33.000-07:00
KEP-2799: Update for 1.25
diff --git a/keps/sig-auth/2799-reduction-of-secret-based-service-account-token/README.md b/keps/sig-auth/2799-reduction-of-secret-based-service-account-token/README.md
@@ -1,7 +1,6 @@
 # KEP-2799: Reduction of Secret-based Service Account Tokens
 
 <!-- toc -->
-
 - [Release Signoff Checklist](#release-signoff-checklist)
 - [Summary](#summary)
 - [Motivation](#motivation)
@@ -16,6 +15,10 @@
   - [LegacyServiceAccountTokenTracking](#legacyserviceaccounttokentracking)
   - [LegacyServiceAccountTokenCleanUp](#legacyserviceaccounttokencleanup)
   - [Test Plan](#test-plan)
+      - [Prerequisite testing updates](#prerequisite-testing-updates)
+      - [Unit tests](#unit-tests)
+      - [Integration tests](#integration-tests)
+      - [e2e tests](#e2e-tests)
   - [Graduation Criteria](#graduation-criteria)
     - [LegacyServiceAccountTokenNoAutoGeneration](#legacyserviceaccounttokennoautogeneration-1)
     - [Beta -&gt; GA Graduation](#beta---ga-graduation)
@@ -165,16 +168,30 @@ If `tracked-since` is unavailable, no secret would be removed.
 
 ### Test Plan
 
-- Unit tests
-- Integration tests
-  - Previously auto-generated secret-based token that's used within the
-    configurable cleanup duration will continue to work.
-  - Previously auto-generated secret-based token that's used after the
-    configurable cleanup duration will be deleted.
-- E2E tests
-  - Secret-based tokens would not be auto-generated.
-  - Still able to explicitly request a secret-based token.
-  - The explicitly requested token would not be deleted.
+[X] I/we understand the owners of the involved components may require updates to
+existing tests to make this code solid enough prior to committing the changes necessary
+to implement this enhancement.
+
+##### Prerequisite testing updates
+
+None
+
+##### Unit tests
+
+- `k8s.io/kubernetes/pkg/controller/serviceaccount`: `2022-06-13` - `67.5%`
+
+##### Integration tests
+
+- Previously auto-generated secret-based token that's used within the
+  configurable cleanup duration will continue to work.
+- Previously auto-generated secret-based token that's used after the
+  configurable cleanup duration will be deleted.
+
+##### e2e tests
+
+- Secret-based tokens would not be auto-generated.
+- Still able to explicitly request a secret-based token.
+- The explicitly requested token would not be deleted.
 
 ### Graduation Criteria
 
diff --git a/keps/sig-auth/2799-reduction-of-secret-based-service-account-token/kep.yaml b/keps/sig-auth/2799-reduction-of-secret-based-service-account-token/kep.yaml
@@ -7,18 +7,16 @@ participating-sigs:
   - sig-auth
 status: implementable
 creation-date: 2021-06-25
-last-updated: 2022-01-26
 reviewers:
   - "@liggitt"
   - "@mikedanese"
 approvers:
   - "@liggitt"
-prr-approvers:
-  - TBD
-stage: alpha
-latest-milestone: "v1.24"
+stage: beta
+latest-milestone: "v1.25"
 milestone:
   alpha: "v1.24"
+  beta: "v1.25"
 feature-gates:
   - name: LegacyServiceAccountTokenNoAutoGeneration
     components:
@@ -31,4 +29,4 @@ feature-gates:
       - kube-controller-manager
 disable-supported: true
 metrics:
-  - TBD
+  - serviceaccount_legacy_tokens_total
