Merge pull request #2208 from wojtek-t/migrate_keps_to_new_template_8

Migrate remaining auth keps to new template

keps/sig-auth/20190916-noderestriction-pods.md → keps/sig-auth/1314-node-restriction-pods/README.md

@@ -1,25 +1,3 @@
----
-title: Extended NodeRestrictions for Pods
-authors:
-  - "tallclair"
-owning-sig: sig-auth
-participating-sigs:
-  - sig-node
-  - sig-cluster-lifecycle
-reviewers:
-  - derekwaynecarr
-  - neolit123
-  - deads2k
-approvers:
-  - liggitt
-  - derekwaynecarr
-  - neolit123
-  - deads2k
-editor: TBD
-creation-date: 2019-09-16
-status: implementable
----
-
 # Extended NodeRestrictions for Pods
 
 ## Table of Contents

keps/sig-auth/1314-node-restriction-pods/kep.yaml

@@ -0,0 +1,20 @@
+title: Extended NodeRestrictions for Pods
+kep-number: 1314
+authors:
+  - "tallclair"
+owning-sig: sig-auth
+participating-sigs:
+  - sig-node
+  - sig-cluster-lifecycle
+reviewers:
+  - derekwaynecarr
+  - neolit123
+  - deads2k
+approvers:
+  - liggitt
+  - derekwaynecarr
+  - neolit123
+  - deads2k
+editor: TBD
+creation-date: 2019-09-16
+status: implementable

keps/sig-auth/20190730-oidc-discovery.md → keps/sig-auth/1393-oidc-discovery/README.md

@@ -1,30 +1,3 @@
----
-title: Service Account signing key retrieval
-authors:
-  - "@mikedanese"
-  - "@cceckman"
-  - "@mtaufen"
-owning-sig: sig-auth
-participating-sigs:
-  - sig-auth
-reviewers:
-  - "@liggitt"
-  - "@enj"
-  - "@micahhausler"
-  - "@ericchiang"
-approvers:
-  - "@liggitt"
-  - "@enj"
-  - "@micahhausler"
-  - "@ericchiang"
-editor: TBD
-creation-date: 2018-06-26
-last-updated: 2020-01-25
-status: implementable
-replaces:
-  - "https://github.com/kubernetes/community/pull/2314/"
----
-
 # Service Account signing key retrieval
 
 ## Table of Contents

keps/sig-auth/1393-oidc-discovery/kep.yaml

@@ -0,0 +1,25 @@
+title: Service Account signing key retrieval
+kep-number: 1393
+authors:
+  - "@mikedanese"
+  - "@cceckman"
+  - "@mtaufen"
+owning-sig: sig-auth
+participating-sigs:
+  - sig-auth
+reviewers:
+  - "@liggitt"
+  - "@enj"
+  - "@micahhausler"
+  - "@ericchiang"
+approvers:
+  - "@liggitt"
+  - "@enj"
+  - "@micahhausler"
+  - "@ericchiang"
+editor: TBD
+creation-date: 2018-06-26
+last-updated: 2020-01-25
+status: implementable
+replaces:
+  - "https://github.com/kubernetes/community/pull/2314/"

keps/sig-auth/20190607-certificates-api.md → keps/sig-auth/1513-certificate-signing-request/README.md

@@ -1,21 +1,3 @@
----
-title: Certificates API
-authors:
-  - "@mikedanese"
-  - "@deads2k"
-owning-sig: sig-auth
-reviewers:
-  - "@liggitt"
-  - "@smarterclayton"
-  - "@munnerz"
-approvers:
-  - "@liggitt"
-  - "@smarterclayton"
-creation-date: 2019-06-07
-last-updated: 2020-09-14
-status: implemented
----
-
 # Certificates API
 
 <!-- toc -->
@@ -130,7 +112,7 @@ This is typical of many PKI architectures.
 
 A typical successful issuance proceeds as follows:
 
-![CSR](/keps/sig-auth/csr.png)
+![CSR](/keps/sig-auth/1513-certificate-signing-request/csr.png)
 
 1. The requestor generates a private key, builds a certificate signing request,
    and submits the `CertificateSigningRequest` to the Kubernetes certificates

keps/sig-auth/1513-certificate-signing-request/kep.yaml

@@ -0,0 +1,16 @@
+title: Certificates API
+kep-number: 1513
+authors:
+  - "@mikedanese"
+  - "@deads2k"
+owning-sig: sig-auth
+reviewers:
+  - "@liggitt"
+  - "@smarterclayton"
+  - "@munnerz"
+approvers:
+  - "@liggitt"
+  - "@smarterclayton"
+creation-date: 2019-06-07
+last-updated: 2020-09-14
+status: implemented

keps/sig-auth/0000-20170814-bounding-self-labeling-kubelets.md → keps/sig-auth/279-limit-node-access/README.md

@@ -1,23 +1,3 @@
----
-title: Bounding Self-Labeling Kubelets
-authors:
-  - "@mikedanese"
-  - "@liggitt"
-owning-sig: sig-auth
-participating-sigs:
-  - sig-node
-  - sig-storage
-reviewers:
-  - "@saad-ali"
-  - "@tallclair"
-approvers:
-  - "@thockin"
-  - "@smarterclayton"
-creation-date: 2017-08-14
-last-updated: 2020-05-01
-status: implemented
----
-
 # Bounding Self-Labeling Kubelets
 
 ## Table of Contents

keps/sig-auth/279-limit-node-access/kep.yaml

@@ -0,0 +1,18 @@
+title: Bounding Self-Labeling Kubelets
+kep-number: 279
+authors:
+  - "@mikedanese"
+  - "@liggitt"
+owning-sig: sig-auth
+participating-sigs:
+  - sig-node
+  - sig-storage
+reviewers:
+  - "@saad-ali"
+  - "@tallclair"
+approvers:
+  - "@thockin"
+  - "@smarterclayton"
+creation-date: 2017-08-14
+last-updated: 2020-05-01
+status: implemented

keps/sig-auth/0014-dynamic-audit-configuration.md → keps/sig-auth/600-dynamic-audit-configuration/README.md

@@ -1,25 +1,3 @@
----
-title: Dynamic Audit Configuration
-authors:
-  - "@pbarker"
-owning-sig: sig-auth
-participating-sigs:
-  - sig-api-machinery
-reviewers:
-  - "@tallclair"
-  - "@yliaog"
-  - "@caesarxuchao"
-  - "@liggitt"
-approvers:
-  - "@tallclair"
-  - "@liggitt"
-  - "@yliaog"
-editor: TBD
-creation-date: 2018-05-18
-last-updated: 2018-07-31
-status: implementable
----
-
 # Dynamic Audit Control
 
 ## Table of Contents
@@ -283,4 +261,4 @@ it was ruled out for the following reasons:
 * The use of CRDs would be difficult to bound
 
 The dynamic policy feature is gated by runtime flags. This still provides the cluster provisioner a means to limit audit logging to the 
-single runtime object if needed.
+single runtime object if needed.

keps/sig-auth/600-dynamic-audit-configuration/kep.yaml

@@ -0,0 +1,20 @@
+title: Dynamic Audit Configuration
+kep-number: 600
+authors:
+  - "@pbarker"
+owning-sig: sig-auth
+participating-sigs:
+  - sig-api-machinery
+reviewers:
+  - "@tallclair"
+  - "@yliaog"
+  - "@caesarxuchao"
+  - "@liggitt"
+approvers:
+  - "@tallclair"
+  - "@liggitt"
+  - "@yliaog"
+editor: TBD
+creation-date: 2018-05-18
+last-updated: 2018-07-31
+status: implementable

keps/sig-auth/20190116-service-account-external-signing.md → keps/sig-auth/740-service-account-external-signing/README.md

@@ -1,26 +1,3 @@
----
-title: Support external signing of service account keys
-authors:
-  - "@micahhausler"
-owning-sig: sig-auth
-participating-sigs: []
-reviewers:
-  - "@mikedanese"
-  - "@liggit"
-  - "@tallclair"
-approvers:
-  - "@mikedanese"
-  - "@liggit"
-  - "@tallclair"
-editor: '@micahhausler'
-creation-date: 2019-01-16
-last-updated: 2019-05-17
-status: implementable
-see-also: []
-replaces: []
-superseded-by: []
----
-
 # Support external signing of service account keys
 
 ## Table of Contents

keps/sig-auth/740-service-account-external-signing/kep.yaml

@@ -0,0 +1,21 @@
+title: Support external signing of service account keys
+kep-number: 740
+authors:
+  - "@micahhausler"
+owning-sig: sig-auth
+participating-sigs: []
+reviewers:
+  - "@mikedanese"
+  - "@liggit"
+  - "@tallclair"
+approvers:
+  - "@mikedanese"
+  - "@liggit"
+  - "@tallclair"
+editor: '@micahhausler'
+creation-date: 2019-01-16
+last-updated: 2019-05-17
+status: implementable
+see-also: []
+replaces: []
+superseded-by: []

keps/sig-auth/0034-20190123-harden-default-discovery-bindings.md → keps/sig-auth/789-harden-default-discover-bindings/README.md

@@ -1,25 +1,3 @@
----
-title: Harden Default RBAC Discovery ClusterRole(Binding)s
-authors:
-  - "@dekkagaijin"
-owning-sig: sig-auth
-participating-sigs:
-  - sig-auth
-  - sig-api-machinery
-reviewers:
-  - "@liggitt"
-  - "@tallclair"
-  - "@deads2k"
-approvers:
-  - "@liggitt"
-  - "@tallclair"
-  - "@deads2k"
-editor: TBD
-creation-date: 2019-01-28
-last-updated: 2019-01-31
-status: implementable
----
-
 # Harden Default RBAC Discovery ClusterRole(Binding)s
 
 ## Table of Contents

keps/sig-auth/789-harden-default-discover-bindings/kep.yaml

@@ -0,0 +1,20 @@
+title: Harden Default RBAC Discovery ClusterRole(Binding)s
+kep-number: 789
+authors:
+  - "@dekkagaijin"
+owning-sig: sig-auth
+participating-sigs:
+  - sig-auth
+  - sig-api-machinery
+reviewers:
+  - "@liggitt"
+  - "@tallclair"
+  - "@deads2k"
+approvers:
+  - "@liggitt"
+  - "@tallclair"
+  - "@deads2k"
+editor: TBD
+creation-date: 2019-01-28
+last-updated: 2019-01-31
+status: implementable