KEP-4322: add credentials #4579

Open
wants to merge 1 commit into
base: master

skitt
Member

@skitt skitt commented Apr 16, 2024

  • One-line PR description: add credentials, as discussed at KubeCon NA 2024.
  • Issue link:
  • Other comments:

@k8s-ci-robot k8s-ci-robot added the kind/kep Categorizes KEP tracking issues and PRs modifying the KEP directory label Apr 16, 2024
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: skitt
Once this PR has been reviewed and has the lgtm label, please assign pmorie for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added sig/multicluster Categorizes an issue or PR as relevant to SIG Multicluster. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 16, 2024
@skitt
Member Author

skitt commented Apr 16, 2024

/cc @qiujian16 @mikeshng

@k8s-ci-robot
Contributor

@skitt: GitHub didn't allow me to request PR reviews from the following users: qiujian16, mikeshng.

Note that only kubernetes members and repo collaborators can review this PR, and authors cannot review their own PRs.

In response to this:

/cc @qiujian16 @mikeshng

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@skitt
Member Author

skitt commented Apr 16, 2024

FYI @mikeshng @qiujian16

As discussed at KubeCon NA 2024.

Signed-off-by: Stephen Kitt <skitt@redhat.com>
@mikeshng

> FYI @mikeshng @qiujian16

Thanks @skitt We have the PR for the rename here in case you want to use the new naming: #4533

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Apr 16, 2024
@skitt
Member Author

skitt commented Apr 16, 2024

> Thanks @skitt We have the PR for the rename here in case you want to use the new naming: #4533

Thanks, I’ll rebase on top of that once it goes in.

@@ -467,6 +471,32 @@ to be added by the cluster manager upon creation. The value of the label
MUST be the same as the name of the cluster manager. The purpose of this
label is to make filter clusters from different cluster managers easier.

#### Endpoints and access credentials

Three fields provide the information needed to access the cluster's API endpoint.
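
Review bot: The opening sentence of the "Endpoints and access credentials" section says "Three fields" without naming them or saying which are required, so a reader cannot tell which fields a consumer must find and validate before connecting to the cluster's API endpoint. Suggest listing the three field names in this sentence and marking each one as required or optional, so the subsections that follow can be checked against that list.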
Member Author

I need to clarify which of these are optional.


##### Credential object reference

A reference to an external object providing access credentials. This
Contributor

What permissions will the credential have? Will it be decided solely by the provider, or does the user need to request it as a field in the spec?

manager identifying how the credential information is supposed to be
used.

##### Credential object reference

Sorry, I missed KubeCon, where this may have been discussed more, but would this object contain an actual credential? What would this credential be used by and for?

It seems to me that multicluster controllers that want to leverage the ClusterProfile should provide their own credentials as they may have different needs on the cluster itself and therefore different authorization mapped to them.
