Potential RBAC Support?

[robotica72]

First, great project - I have been doing something similar at work as we enforce requests and limits for all deployments, but many developers have no idea what values to use. In our case we have a dev cluster that doesnt require the request and limits in the deployment and they look at Grafana over a period of time to get a base value for the settings - Not ideal and goldilocks is a much better solution.

My only question / request would be for any RBAC support on the web report? Maybe use auth-headers to limit what namespaces are shown in the report so developers would only see namespaces that they have permission to?

[sudermanjr]

@robotica72 Thanks for the feedback!

This could be a very interesting and potentially very complicated change. I think it's potentially a good one, but not sure we have the time on our roadmap. We'll definitely consider it for Q1.

We are also open to external additions, if you want to write up a short proposal for how it could be done, we might be able to pull in some external help on this one.

[robotica72]

Hi - Thanks for the quick reply.

If I were to use a common example, I would see it implemented in the same manner that the K8s Dashboard is deployed when using the secured model. We take it a step further by using a reverse-proxy that passes the users JWT token to the Dashboard so they only have access to the objects in the cluster that have been assigned to their groups.

The Dash may not be the best example since that has more functions - I havent looked at the implementation for Goldilocks in depth to see if I can offer any suggestions. If I get a chance over the week/weekend to take a look, Ill reply with some additional information.

Thanks!

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[Fodoj]

Are there any plans to implement this?

[Fodoj]

/no stale