Skip to content

Add documentation for ServiceAccountNodeAudienceRestriction feature#54931

Open
aramase wants to merge 1 commit intokubernetes:mainfrom
aramase:aramase/c/node_aud_restriction_docs
Open

Add documentation for ServiceAccountNodeAudienceRestriction feature#54931
aramase wants to merge 1 commit intokubernetes:mainfrom
aramase:aramase/c/node_aud_restriction_docs

Conversation

@aramase
Copy link
Copy Markdown
Member

@aramase aramase commented Mar 16, 2026

@k8s-ci-robot k8s-ci-robot added sig/auth Categorizes an issue or PR as relevant to SIG Auth. language/en Issues or PRs related to English language labels Mar 16, 2026
@k8s-ci-robot k8s-ci-robot requested a review from cheftako March 16, 2026 23:20
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 16, 2026
@k8s-ci-robot k8s-ci-robot requested a review from liggitt March 16, 2026 23:20
@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 16, 2026
@aramase
Copy link
Copy Markdown
Member Author

aramase commented Mar 16, 2026

/assign enj liggitt

@netlify
Copy link
Copy Markdown

netlify Bot commented Mar 16, 2026
edited
Loading

Pull request preview available for checking

Built without sensitive environment variables

Name Link
🔨 Latest commit dc625f5
🔍 Latest deploy log https://app.netlify.com/projects/kubernetes-io-main-staging/deploys/69cc30693b7b9f000996be13
😎 Deploy Preview https://deploy-preview-54931--kubernetes-io-main-staging.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@enj enj added this to SIG Auth Mar 17, 2026
@enj enj moved this to Needs Triage in SIG Auth Mar 17, 2026
enj
enj approved these changes Mar 31, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@enj enj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Minor nit

Comment thread content/en/docs/tasks/administer-cluster/kubelet-credential-provider.md Outdated
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 31, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 31, 2026

LGTM label has been added.

DetailsGit tree hash: 9b2c35ac67cb2bdb156295dd976c484de69b3006

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 31, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: enj
Once this PR has been reviewed and has the lgtm label, please assign natalisucks for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@aramase
Add documentation for ServiceAccountNodeAudienceRestriction feature
dc625f5 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
@aramase aramase force-pushed the aramase/c/node_aud_restriction_docs branch from 339c948 to dc625f5 Compare March 31, 2026 20:36
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 31, 2026
@k8s-ci-robot k8s-ci-robot requested a review from enj March 31, 2026 20:36
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 31, 2026

New changes are detected. LGTM label has been removed.

@aramase aramase moved this from Needs Triage to In Review in SIG Auth Mar 31, 2026
@aramase
Copy link
Copy Markdown
Member Author

aramase commented Apr 2, 2026

We have technical LGTM.

/assign @dipesh-rawat
(for approval)

lmktfy
lmktfy reviewed Apr 4, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@lmktfy lmktfy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Eesh. This new verb makes authz kinda hard to teach. Especially as it is available by default, let's put in more effort into explaining authz; these audience restriction changes are making it considerably harder for learners to build a useful mental model.

Comment thread content/en/docs/reference/access-authn-authz/node.md

| Attribute | Value |
| ---------- | ----- |
| Verb | `request-serviceaccounts-token-audience` |
Copy link
Copy Markdown
Member

@lmktfy lmktfy Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should update the authorization page to explain about this kind of verb. It is very very different from the common verbs, such as get and delete.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lmktfy lmktfy lmktfy left review comments

@cheftako cheftako Awaiting requested review from cheftako

@liggitt liggitt Awaiting requested review from liggitt

@enj enj Awaiting requested review from enj

Assignees

@liggitt liggitt

@enj enj

@dipesh-rawat dipesh-rawat

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. language/en Issues or PRs related to English language sig/auth Categorizes an issue or PR as relevant to SIG Auth. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

SIG Auth
Status: In Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@aramase @k8s-ci-robot @enj @lmktfy @benjaminapetersen @liggitt @dipesh-rawat