Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[kong] improve RBAC documentation #95

Merged
merged 2 commits into from
Apr 1, 2020
Merged

[kong] improve RBAC documentation #95

merged 2 commits into from
Apr 1, 2020

Conversation

rainest
Copy link
Contributor

@rainest rainest commented Mar 27, 2020

What this PR does / why we need it:

Improves existing RBAC docs to better show how to set up the initial super-admin and allow the controller to talk to RBAC-secured instances.

Special notes for your reviewer:

  • This does not discuss readiness/liveness checks, which also currently require tokens. Intent is to add a custom server block listen to approximate status_listen (and eventually replace it with the standard status_listen), removing the need for admin API status calls. This will be a separate PR.
  • ed7e1b6 further adds an example for the controller within values.yaml. None for Kong itself, since that variable should only be in place temporarily.

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

  • PR is based off the current tip of the next branch and targets next, not master
  • Title of the PR and commit headers start with chart name (e.g. [kong])

@rainest
[kong] improve RBAC documentation
fdaafc1 
* Add practical examples to the RBAC section of README.md.
* Call out setting an initial super-admin password in the brief
  Enterprise documentation.
* Add RBAC documentation for ingress controller.
* Fix several minor formatting issues.
@hbagdi
Copy link
Member

hbagdi commented Apr 1, 2020

This does not discuss readiness/liveness checks, which also currently require tokens. Intent is to add a custom server block listen to approximate status_listen (and eventually replace it with the standard status_listen), removing the need for admin API status calls. This will be a separate PR.

I might be missing something. Doesn't the existing server block configmap and metrics take care of the health checks? We don't rely on Admin API status checks.

hbagdi
hbagdi suggested changes Apr 1, 2020
View reviewed changes
charts/kong/README.md Outdated Show resolved Hide resolved
@rainest
[kong] clarify steps for admin token handling
cffe165 
Clarify that users should first create an RBAC user for the controller
and only remove the initial super-admin configuration after switching to
the controller user.
@rainest rainest requested a review from hbagdi April 1, 2020 21:28
@hbagdi hbagdi merged commit 1a24b3b into next Apr 1, 2020
@hbagdi hbagdi deleted the doc/rbac-revamp branch April 2, 2020 15:16
rainest added a commit that referenced this pull request Apr 10, 2020
@rainest
[kong] improve RBAC documentation
38f48e4 
* Add practical examples to the RBAC section of README.md.
* Call out setting an initial super-admin password in the brief
  Enterprise documentation.
* Add RBAC documentation for ingress controller.
* Fix several minor formatting issues.

From #95
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hbagdi hbagdi hbagdi approved these changes

Assignees
No one assigned
Labels
changes requested
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@rainest @hbagdi