Skip to content

Adding security self-assesment for project K3s #1986

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
OrlinVasilev wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Adding security self-assesment for project K3s #1986

OrlinVasilev wants to merge 6 commits into from
+185 −0

Conversation

@OrlinVasilev
Copy link
Contributor

@OrlinVasilev OrlinVasilev commented Dec 10, 2025

Adding the K3s security self-assesment as advised by @eddie-knight cncf/tag-security#1500 (comment)

@OrlinVasilev
Adding security self-assesment for project K3s
68e9947 
Signed-off-by: Orlix <orlin@orlix.org>
@OrlinVasilev OrlinVasilev requested a review from a team as a code owner December 10, 2025 10:19
@OrlinVasilev
Copy link
Contributor Author

OrlinVasilev commented Dec 10, 2025

@eddie-knight PTAL ^^ Thanks!

@JustinCappos
Copy link
Contributor

JustinCappos commented Dec 10, 2025

FYI: The contents of the assessment were reviewed and approved from the prior PR. cncf/tag-security#1500 (review)

@OrlinVasilev
Copy link
Contributor Author

OrlinVasilev commented Jan 16, 2026

@eddie-knight @JustinCappos is there anything else we need to get this in? thank you!

@eddie-knight
Copy link
Contributor

eddie-knight commented Jan 16, 2026

@OrlinVasilev This is approved by the TAG, but must be merged by the TOC per the codeowner enforcement

@OrlinVasilev
Copy link
Contributor Author

OrlinVasilev commented Jan 16, 2026

Thank you!

@JustinCappos
Copy link
Contributor

JustinCappos commented Jan 16, 2026

@OrlinVasilev This is approved by the TAG, but must be merged by the TOC per the codeowner enforcement

@mnm678 @jkjell @evankanderson , can you help us move this along?

@jkjell
Copy link
Contributor

jkjell commented Jan 16, 2026
edited
Loading

If we move the assessment to a sub-directory called security-assessment under the k3s directory, the TAG leads should be able to fully approve and merge.

https://github.com/cncf/toc/blob/main/.github/CODEOWNERS#L40

kfaseela
kfaseela reviewed Jan 16, 2026
View reviewed changes
Copy link
Contributor

@kfaseela kfaseela left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR! Just left a few small nits. Otherwise LGTM

projects/k3s/self-assessment.md

This document provides K3s maintainers and stakeholders with additional context to help inform the roadmap creation process, so that security and feature improvements can be prioritized accordingly.

## Security functions and features
Copy link
Contributor

@kfaseela kfaseela Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

RBAC and Pod Security Admission are correctly identified as critical security functions. Per the TAG Security self-assessment guidance, these could optionally be framed more explicitly in threat-modeling terms (e.g., threats mitigated such as unauthorized access or privilege escalation), not mandatory - just a suggestion.

OrlinVasilev and others added 5 commits January 20, 2026 18:10
@OrlinVasilev @kfaseela
Update projects/k3s/self-assessment.md
554b5c7 
Co-authored-by: Faseela K <k.faseela@gmail.com>
Signed-off-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com>
@OrlinVasilev @kfaseela
Update projects/k3s/self-assessment.md
41d4ed4 
Co-authored-by: Faseela K <k.faseela@gmail.com>
Signed-off-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com>
@OrlinVasilev @kfaseela
Update projects/k3s/self-assessment.md
6ed2509 
Co-authored-by: Faseela K <k.faseela@gmail.com>
Signed-off-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com>
@OrlinVasilev @kfaseela
Update projects/k3s/self-assessment.md
1917f06 
Co-authored-by: Faseela K <k.faseela@gmail.com>
Signed-off-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com>
@OrlinVasilev @kfaseela
Update projects/k3s/self-assessment.md
a895e05 
Co-authored-by: Faseela K <k.faseela@gmail.com>
Signed-off-by: Orlix <7236111+OrlinVasilev@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kfaseela kfaseela kfaseela left review comments

@eddie-knight eddie-knight eddie-knight approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@OrlinVasilev @JustinCappos @eddie-knight @jkjell @kfaseela