Add ServiceAccountTokenCacheType support to credential provider plugin #132617

Open: aramase wants to merge 3 commits into base: master


aramase (Member) commented Jun 30, 2025

What type of PR is this?

/kind feature

What this PR does / why we need it:

Add ServiceAccountTokenCacheType support to credential provider plugin

Which issue(s) this PR is related to:

part of #130709
KEP: kubernetes/enhancements#4412

Does this PR introduce a user-facing change?

Added `ServiceAccountTokenCacheType` field to credential provider API enabling plugins to specify granular caching strategies (ServiceAccount or Pod level) when using service account tokens for authentication. This is a required field and plugins that get a service account token from kubelet as part of `CredentialProviderRequest` must set this field.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

[KEP]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/4412-projected-service-account-tokens-for-kubelet-image-credential-providers/README.md

/sig auth
/triage accepted
/milestone v1.34
/priority important-soon

@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Jun 30, 2025
@k8s-ci-robot k8s-ci-robot added this to the v1.34 milestone Jun 30, 2025
@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. sig/auth Categorizes an issue or PR as relevant to SIG Auth. triage/accepted Indicates an issue or PR is ready to be actively worked on. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. labels Jun 30, 2025
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. area/test sig/node Categorizes an issue or PR as relevant to SIG Node. sig/testing Categorizes an issue or PR as relevant to SIG Testing. labels Jun 30, 2025
k8s-ci-robot (Contributor) commented:

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: aramase
Once this PR has been reviewed and has the lgtm label, please assign deads2k for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

tico88612 (Member) commented:

Hi @aramase
Thank you for continuing to follow this PR.
The code freeze is starting 02:00 UTC Friday 25th July 2025 (about 3 weeks from now). Please make sure the PR has both lgtm and approved labels before the code freeze. Thanks!

@aramase aramase moved this from Needs Triage to In Review in SIG Auth Jun 30, 2025
@aramase aramase force-pushed the aramase/f/kep_4412_pod_cache_key_type branch from 46ad0df to 76d9c6f Compare June 30, 2025 19:55
aramase (Member, Author) commented Jun 30, 2025

/assign enj liggitt
