SIG-Auth - 1

2026 (1)

January (1)

k8s: Kubernetes v1.35: Restricting executables invoked by kubeconfigs via exec plugin allowList added to kuberc

Kubernetes Official Blog

2026-01-09

Kubernetes v1.35 introduces a beta credential plugin policy and allowlist to give users control over executables invoked by kubeconfig exec plugins. You can set policy via the client-go ExecProvider.PluginPolicy or by configuring kubectl's kuberc with credentialPluginPolicy (AllowAll, DenyAll, Allowlist) and credentialPluginAllowlist entries to restrict which plugins may run.

2025 (1)

October (1)

k8s: Spotlight on Policy Working Group

Kubernetes Official Blog

2025-10-18

The Policy Working Group (now completed) worked to standardize and simplify policy management across the Kubernetes ecosystem. Led by co-chairs Jim Bugwadia, Poonam Lamba, and Andy Suderman, the group produced documentation, whitepapers, a CNCF survey, and the Policy Reports API, and helped educate the community about built-in policy APIs and CNCF policy tools. The WG coordinated with SIG Auth and SIG Security, faced contributor-time and consensus challenges, and encouraged newcomers to join meetings and review materials to get involved.