DRA: AdminAccess for ResourceClaims and ResourceClaimTemplates

[ritazh]

Enhancement Description

• One-line enhancement description (can be used as a release note): DRAAdminAccess: allow creations of ResourceClaims and ResourceClaimTemplates in privileged mode to grant access to devices that are in use by other users for admin tasks like monitor health or status of the device.
• Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/5018-dra-adminaccess/README.md
• Discussion Link:
  • https://github.com/kubernetes/enhancements/pull/5019
  • https://github.com/kubernetes/kubernetes/issues/128838
• Primary contact (assignee): @ritazh @pohly
• Responsible SIGs: sig-auth, sig-node
• Enhancement target (which target equals to which milestone):
  • Alpha release target (x.y): 1.33
  • Beta release target (x.y): 1.34
  • Stable release target (x.y): 1.35
• [x] Alpha
  • [X] KEP (k/enhancements) update PR(s): https://github.com/kubernetes/enhancements/pull/5019
  • [x] Code (k/k) update PR(s): https://github.com/kubernetes/kubernetes/pull/130225
  • [x] Docs (k/website) update PR(s): https://github.com/kubernetes/website/pull/49929
• [x] Beta
  • [x] KEP (k/enhancements) update PR(s): https://github.com/kubernetes/enhancements/pull/5327
  • [ ] Code (k/k) update PR(s):
  • [ ] Docs (k/website) update(s):

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

/sig auth /sig node /wg device-management

[ritazh]

/milestone v1.33

[kannon92]

@ritazh can you update the KEP description with your KEP PR?

[ritazh]

@ritazh can you update the KEP description with your KEP PR?

done. thanks for the bump!

[kannon92]

/assign @ritazh

[fykaa]

Hello @ritazh 👋, v1.33 Enhancements team here.

Just checking in as we approach enhancements freeze on 02:00 UTC Friday 14th February 2025 / 19:00 PDT Thursday 13th February 2025.

This enhancement is targeting stage alpha for v1.33 (correct me, if otherwise) /stage alpha

Here's where this enhancement currently stands:

• [x] KEP readme using the latest template has been merged into the k/enhancements repo.
• [x] KEP status is marked as implementable for latest-milestone: v1.33.
• [x] KEP readme has up-to-date graduation criteria
• [x] KEP has a production readiness review that has been completed and merged into k/enhancements. (For more information on the PRR process, check here). If your production readiness review is not completed yet, please make sure to fill the production readiness questionnaire in your KEP by the PRR Freeze deadline on Thursday 6th February 2025 so that the PRR team has enough time to review your KEP.

The status of this enhancement is marked as At risk for enhancements freeze. Please keep the issue description up-to-date with appropriate stages as well.

If you anticipate missing enhancements freeze, you can file an exception request in advance. Thank you!

[dipesh-rawat]

Hi @ritazh 👋, 1.33 Enhancements team here,

Just a quick friendly reminder as we approach the enhancements freeze later this week, at 02:00 UTC Friday 14th February 2025 / 19:00 PDT Thursday 13th February 2025.

The current status of this enhancement is marked as At risk for enhancement freeze. There are a few requirements mentioned in the comment https://github.com/kubernetes/enhancements/issues/5018#issuecomment-2633629707 that still need to be completed.

If you anticipate missing enhancements freeze, you can file an exception request in advance. Thank you!

[dipesh-rawat]

Hello @ritazh 👋, 1.33 Enhancements team here,

Now that PR https://github.com/kubernetes/enhancements/pull/5019 has been merged, all the KEP requirements are in place and merged into k/enhancements.

Before the enhancement freeze, it would be appreciated if following nit could be addressed:

• Update issue description to add direct link to KEP README.md.

  • Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/5018-dra-adminaccess/README.md

Aside from the minor nit mentioned above, this enhancement is all good for the upcoming enhancements freeze. 🚀

The status of this enhancement is now marked as tracked for enhancement freeze. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

(cc: @fykaa) /label tracked/yes

[Urvashi0109]

Hello @ritazh @pohly 👋, v1.33 Docs Shadow here.

Does this enhancement work planned for v1.33 require any new docs or modification to existing docs?

If so, please follow the steps here to open a PR against dev-1.33 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thursday 27th February 2025 18:00 PDT.

Also, take a look at Documenting for a release to get yourself familiarize with the docs requirement for the release.

Thank you!

[Urvashi0109]

Hi @ritazh @pohly , v1.33 Docs Shadow here.

Gentle reminder: The docs placeholder PR should be opened by 27th Feb. Please update PR in description as well.

Thanks!

[fykaa]

Hey again @ritazh @pohly 👋, v1.33 Enhancements team here,

Just checking in as we approach Code Freeze at 02:00 UTC Friday 21st March 2025 / 19:00 PDT Thursday 20th March 2025.

Here's where this enhancement currently stands:

• [x] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
• [x] All PRs are ready to be merged (they have approved and lgtm labels applied) by the code freeze deadline. This includes tests.

For this enhancement, it looks like the following PRs need to be merged before code freeze (and we need to update the Issue description to include all the related PRs of this KEP):

• https://github.com/kubernetes/kubernetes/pull/130225

If you anticipate missing code freeze, you can file an exception request in advance.

Also, please let me know if there are other PRs in k/k we should be tracking for this KEP.

The status of this enhancement is marked as At risk for code freeze.

As always, we are here to help if any questions come up. Thanks!

[aakankshabhende]

Hi @ritazh @pohly 👋 -- this is Aakanksha (@aakankshabhende ) from the 1.33 Communications Team!

For the 1.33 release, we are currently in the process of collecting and curating a list of potential feature blogs, and we'd love for you to consider writing one for your enhancement!

As you may be aware, feature blogs are a great way to communicate to users about features which fall into (but not limited to) the following categories:

• This introduces some breaking change(s)
• This has significant impacts and/or implications to users
• ...Or this is a long-awaited feature, which would go a long way to cover the journey more in detail 🎉

To opt in to write a feature blog, could you please let us know and open a "Feature Blog placeholder PR" (which can be only a skeleton at first) against the website repository by Wednesday, 5th March, 2025? For more information about writing a blog, please find the blog contribution guidelines 📚

[!Tip] Some timeline to keep in mind:

• 02:00 UTC Wednesday, 5th March, 2025: Feature blog PR freeze
• Monday, 7th April, 2025: Feature blogs ready for review
• You can find more in the release document

[!Note] In your placeholder PR, use XX characters for the blog date in the front matter and file name. We will work with you on updating the PR with the publication date once we have a final number of feature blogs for this release.

[aakankshabhende]

Hi @ritazh @pohly 👋 -- this is Aakanksha (@aakankshabhende ) from 1.33 Communications Team here again!

This is a gentle reminder for the feature blog deadline mentioned above, which is 02:00 UTC Wednesday, 5th March, 2025. To opt in, please let us know and open a Feature Blog placeholder PR against k/website by the deadline. If you have any questions, please feel free to reach out to us!

[!Tip] Some timeline to keep in mind:

• 02:00 UTC Wednesday, 5th March, 2025: Feature blog PR freeze
• Monday, 7th April, 2025: Feature blogs ready for review
• You can find more in the release document

[!Note] In your placeholder PR, use XX characters for the blog date in the front matter and file name. We will work with you on updating the PR with the publication date once we have a final number of feature blogs for this release.

[ritazh]

For feature blog, will add this as part of https://github.com/kubernetes/website/pull/49993

[dipesh-rawat]

Hi @ritazh @pohly 👋, v1.33 Enhancements team here,

Just a quick friendly reminder as we approach the code freeze later this week, at 02:00 UTC Friday 21st March 2025 / 19:00 PDT Thursday 20th March 2025.

The current status of this enhancement is marked as At risk for code freeze. There are a few requirements mentioned in the comment https://github.com/kubernetes/enhancements/issues/5018#issuecomment-2691292621 that still need to be completed.

If you anticipate missing code freeze, you can file an exception request in advance. Thank you!

[dipesh-rawat]

Hey @ritazh @pohly 👋, 1.33 Enhancements team here,

With all the implementation(code related) PRs merged as per the issue description:

• https://github.com/kubernetes/kubernetes/pull/130225

This enhancement is now marked as tracked for code freeze for the 1.33 Code Freeze!

Additionally, please let me know if there are any other PRs in k/k not listed in the description that we should track for this KEP, so that we can maintain accurate status.

[liggitt]

Targeting beta for 1.34

[jenshu]

Hi @ritazh @pohly 👋, v1.34 Enhancements team here.

This is a reminder of the upcoming PRR Freeze on Thursday 12th June 2025.

By this date, there must be a PR open in k/enhancements with:

• The KEP's PRR questionnaire filled out.
• The kep.yaml updated with the stage, latest-milestone, and milestone struct filled out.
• A PRR approval file with the PRR approver listed for the stage the KEP is targeting.

Having the PRR questionnaire filled out by this deadline will help ensure that the PRR team has enough time to review your KEP before Enhancements Freeze on Friday 20th June 2025. For more information on the PRR process, see here.

[ritazh]

@jenshu I believe https://github.com/kubernetes/enhancements/pull/5327 already fulfilled the below PRR requirements for moving to beta in 1.34. Please let me know if we are missing anything.

• The KEP's PRR questionnaire filled out.
• The kep.yaml updated with the stage, latest-milestone, and milestone struct filled out.
• A PRR approval file with the PRR approver listed for the stage the KEP is targeting

[jenshu]

Hello again @ritazh @pohly 👋, v1.34 Enhancements team here.

Just checking in as we approach enhancements freeze on 21:00 UTC Friday 20th June 2025 / 14:00 PST Friday 20th June 2025.

This enhancement is targeting stage beta for v1.34 (correct me, if otherwise)

Here’s where this enhancement currently stands:

• [X] KEP readme using the latest template has been merged into the k/enhancements repo.
• [X] KEP status is marked as implementable for latest-milestone: v1.34. KEPs targeting stable will need to be marked as implemented after code PRs are merged.
• [X] KEP readme has up-to-date graduation criteria.
• [X] KEP has submitted a production readiness review request for approval and has a reviewer assigned.
• [X] KEP has a production readiness review that has been completed and merged into k/enhancements. (For more information on the PRR process, check here).

With all the KEP requirements in place and merged into k/enhancements, this enhancement is all good for the upcoming enhancements freeze. 🚀

The status of this enhancement is marked as Tracked for enhancements freeze. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

@ritazh Just a nit: in the README you are missing the first question under Scalability - the answer is there, but the question didn't get copied over. Would be good to fix that when you get a chance.

[dipesh-rawat]

Hi @ritazh @pohly 👋 - this is Dipesh (@dipesh-rawat) from the v1.34 Communications Team!

We noticed that this enhancement had a feature blog in the previous release - thank you for that! 🙌

For the v1.34 release, we’re currently collecting and curating a list of potential feature blogs again, and we’d love to know if you’d be interested in writing an updated blog, especially if there are new developments in the beta milestone or other significant changes.

As a reminder, feature blogs are a great way to communicate with users about enhancements that:

• Introduce breaking changes
• Have significant user-facing impact
• Represent long-awaited milestones or updates 🎉

To opt in to write a feature blog, could you please let us know and open a "Feature Blog placeholder PR" (which can be only a skeleton at first) against the website repository by Friday 11th July? For more information about writing a blog, please find the blog contribution guidelines 📚

[!Tip] Some timeline to keep in mind:

• 02:00 UTC Friday 11th July 2025: Feature blog PR freeze
• Friday 8th August 2025: Feature blogs ready for review
• You can find more in the release document

[!Note] In your placeholder PR, use XX characters for the blog date in the front matter and file name. We will work with you on updating the PR with the publication date once we have a final number of feature blogs for this release.

[michellengnx]

Hello @ritazh 👋, 1.34 Docs Lead here.

Does this enhancement work planned for 1.34 require any new docs or modification to existing docs? If so, please follows the steps here to open a PR against dev-1.34 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thursday 3rd July 2025 18:00 PDT.

Also, take a look at Documenting for a release to get yourself familiarize with the docs requirement for the release.

Thank you!

[ritazh]

Thanks for the bump. This KEP will update docs for 1.34. For blog, changes for this KEP can be includes in a larger blog for the DRA feature like we did for 1.33. @pohly please tag me we start working on that.

[dipesh-rawat]

For blog, changes for this KEP can be includes in a larger blog for the DRA feature like we did for 1.33

@ritazh Thanks for sharing the update regarding the plan for a more comprehensive blog on the DRA features. Just a quick reminder - we’ll need a placeholder PR for the blog before 02:00 UTC on Friday, 11th July 2025, which is the feature blog PR freeze (details here). Also, please include the list of DRA KEPs the blog will cover.

[yujen77300]

Hello @ritazh 👋, 1.34 Docs Lead here.

Does this enhancement work planned for 1.34 require any new docs or modification to existing docs? If so, please follows the steps here to open a PR against dev-1.34 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thursday 3rd July 2025 18:00 PDT.

Also, take a look at Documenting for a release to get yourself familiarize with the docs requirement for the release.

Thank you!

Hi @ritazh 👋, 1.34 Docs Shadow here.

Just a reminder to open a placeholder PR against the dev-1.34 branch in the k/website repo if this KEP needs new or updated docs. (steps available here)

The deadline for this is Thursday, July 3 at 18:00 PDT. Thanks! 🚀

[jenshu]

Hey again @ritazh @pohly 👋, v1.34 Enhancements team here.

Just checking in as we approach code freeze and test freeze at 02:00 UTC Friday 25th July 2025 / 19:00 PDT Thursday 24th July 2025.

Here's where this enhancement currently stands:

• [x] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
• [ ] All PRs are ready to be merged (they have approved and lgtm labels applied) by the code freeze deadline. This includes tests.

Per the issue description, these are all of the implementation (code-related) PRs for 1.34, some of which are not merged yet:

• https://github.com/kubernetes/kubernetes/pull/131996
• https://github.com/kubernetes/kubernetes/pull/132800

Please let me know (and keep the issue description updated) if there are any other PRs in k/k that we should track for this KEP, so that we can maintain accurate status.

If the implementation work for this enhancement is occurring out-of-tree (i.e., outside of k/k), please link the relevant PRs in the issue description for visibility. Alternatively, if you're unable to provide specific PR links, a confirmation that all out-of-tree implementation work is complete and merged will help us finalize tracking and maintain accuracy.

The status of this enhancement is marked as At risk for code freeze.

If you anticipate missing code freeze, you can file an exception request in advance.

[yujen77300]

Hello @ritazh 👋, 1.34 Docs Shadow here.  Please take a look at Documenting for a release - PR Ready for Review to get your PR ready for review before Tuesday July 29th 2025 18:00 PST. Thank you!

[jenshu]

Hi @ritazh, Just a quick reminder of the upcoming code freeze and test freeze this week at 02:00 UTC Friday 25th July 2025 / 19:00 PDT Thursday 24th July 2025. All code and test PRs to k/k must have the approved and lgtm labels by the deadline. Thanks!

[jenshu]

With all the code PRs merged, this is now tracked for code freeze!

[rayandas]

Hi @ritazh :wave:, v1.35 Enhancements Lead here.

I am closing the v1.34 milestone now.

If you'd like to work on this enhancement in v1.35, please have the SIG lead opt-in by adding the lead-opted-in label, which ensures it gets added to the tracking board. Also, please set the milestone to v1.35 using /milestone v1.35.

Thanks!

/remove-label lead-opted-in /remove-label tracked/yes /milestone clear

[ritazh]

/milestone v1.35