New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
KEP-4322: add credentials #4579
base: master
Are you sure you want to change the base?
Conversation
skitt
commented
Apr 16, 2024
- One-line PR description: add credentials, as discussed at KubeCon NA 2024.
- Issue link:
- Other comments:
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: skitt The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/cc @qiujian16 @mikeshng |
@skitt: GitHub didn't allow me to request PR reviews from the following users: qiujian16, mikeshng. Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
FYI @mikeshng @qiujian16 |
As discussed at KubeCon NA 2024. Signed-off-by: Stephen Kitt <skitt@redhat.com>
6638ac5
to
7215ebc
Compare
Thanks @skitt We have the PR for the rename here in case you want to use the new naming: #4533 |
@@ -467,6 +471,32 @@ to be added by the cluster manager upon creation. The value of the label | |||
MUST be the same as the name of the cluster manager. The purpose of this | |||
label is to make filter clusters from different cluster managers easier. | |||
|
|||
#### Endpoints and access credentials | |||
|
|||
Three fields provide the information needed to access the cluster's API endpoint. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I need to clarify which of these are optional.
|
||
##### Credential object reference | ||
|
||
A reference to an external object providing access credentials. This |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what permission the credential will have? will it decided solely by the provider, or user need to request as a field in the spec?
manager identifying how the credential information is supposed to be | ||
used. | ||
|
||
##### Credential object reference |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
sorry I missed kubecon where this may have been discussed more, but would this object contain an actual credential? what would this credential be used by and for?
It seems to me that multicluster controllers that want to leverage the ClusterProfile should provide their own credentials as they may have different needs on the cluster itself and therefore different authorization mapped to them.