OpenShift Bugs / OCPBUGS-48286

Enable ServiceAccountTokenNodeBinding K8s Feature [A new promoted feature]


    • Quality / Stability / Reliability
    • False
    • Rejected
    • Auth Feature Team - Sprint 265, Auth Feature Team - Sprint 266
    • 2
    • Done
    • Enhancement
      Added to Enhancements section of release notes.

      Enable ServiceAccountTokenNodeBinding Kubernetes feature by default

      The ServiceAccountTokenNodeBinding feature is now enabled by default in OpenShift, aligning with upstream Kubernetes behavior. This feature, introduced in Kubernetes Enhancement Proposal (KEP) 4193, allows service account tokens to be bound directly to Node objects in addition to the existing binding options.

      Key benefits include:
      - Enhanced security through automatic token invalidation when bound nodes are deleted
      - Better protection against token replay attacks across different nodes
      - Improved audit capabilities for tracking token usage by specific infrastructure
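
The node binding described in this release note can be inspected in a token's claims. The following is an added example, not code from this issue or from OpenShift: it assumes the upstream Kubernetes claim layout (a `node` entry with `name` and `uid` under the `kubernetes.io` claim) and uses a constructed, unsigned token with made-up names and UIDs. It decodes the payload without verifying the signature, so it is a triage aid only; the API server makes the authoritative decision.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_node_binding(token: str, live_nodes: dict) -> str:
    """Compare the token's node claim with live_nodes (node name -> current UID)."""
    node = decode_claims(token).get("kubernetes.io", {}).get("node")
    if not isinstance(node, dict) or "name" not in node or "uid" not in node:
        return "no-node-claim"
    if node["name"] not in live_nodes:
        return "node-deleted"
    if live_nodes[node["name"]] != node["uid"]:
        return "node-uid-mismatch"  # same name, different object (node re-created)
    return "node-present"


def make_sample_token(node=None) -> str:
    """Build an unsigned, constructed token; every value below is made up."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    k8s = {"namespace": "demo", "serviceaccount": {"name": "builder", "uid": "sa-uid-1"}}
    if node:
        k8s["node"] = {"name": node[0], "uid": node[1]}
    claims = {"sub": "system:serviceaccount:demo:builder", "kubernetes.io": k8s}
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([enc(header), enc(claims), "constructed-signature"])


if __name__ == "__main__":
    token = make_sample_token(("worker-0", "node-uid-a"))
    for nodes in ({"worker-0": "node-uid-a"}, {"worker-0": "node-uid-b"}, {}):
        print(nodes, "->", check_node_binding(token, nodes))
    print("no node:", check_node_binding(make_sample_token(), {"worker-0": "node-uid-a"}))
```

The UID comparison is the point: a node re-created under the same name is a different object, so a token bound to the old node no longer matches.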

      Description of problem:

          ServiceAccountTokenNodeBinding is disabled.

      Version-Release number of selected component (if applicable):

          4.18?

      How reproducible:

          Check FeatureGate resource and see that it is in the disabled list.

      Steps to Reproduce:

          1.
          2.
          3.
          

      Actual results:

          

      Expected results:

          It should be enabled.

      Additional info:

          

              kostrows@redhat.com Krzysztof Ostrowski
              Xingxing Xia Xingxing Xia