-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make default namespace configurable #91
Comments
Some more details on the design we discussed with @vazirim:
|
@pdettori just curious, are the names |
@cdlliuy Sure, we can rename. Just to be clear, every namespace will still need a seed-default configmap, because this is what will tell us where to look for the secret. It will also contain the context (org/space/resource group) corresponding to that namespace. |
I guess the org/space is optional , right? it is a concept for cf. |
yes but the resourcegroup is needed for non-cf. |
@pdettori After some thinking, I think we may reconsider the design. One major concern is from security. So far I do not have a good idea how to resolve the problem. Suggest to hold on and use seed-secret in user's namespace which open to all namespace users. Will follow this issue later after discuss with more people to get feedback. What do you think ? Thank you. |
@ZhuangYuZY yes, I can see how this makes sense from security perspective. If there is a concern about users accessing the IAM API Key from the secret, one possible approach is to give the IAM API Key only the minimum permissions required to create IBM Cloud Services. |
Yes, now we are working on to try to create a service id with minimum permission to create IBM Cloud service and credential. But seems IBM Cloud operator can not work well with service id, so we created issue #98 to track it. It will be priority for us. |
Fixed in v0.1.7 |
operator should look for seed-secret in current namespace, and if not present, in the namespace specified in seed-defaults, using a naming convention (one seed-secret per namespace)
The text was updated successfully, but these errors were encountered: