Skip to content
This repository has been archived by the owner on Sep 22, 2020. It is now read-only.

need access control of volumes #375

Open
nak3 opened this issue Oct 31, 2016 · 1 comment
Open

need access control of volumes #375

nak3 opened this issue Oct 31, 2016 · 1 comment
Labels
area/kubernetes integration area/usability component/mount tools kind/design

Comments

@nak3
Copy link
Contributor

nak3 commented Oct 31, 2016

Currently, any users who accesses MDS(etcd) can list and use(mount) volumes. To avoid accident, access control should be implemented.
There may be many ideas, but I personally think these two are necessary at the basic level.

  1. suspend function (or start/stop) for volumes.
  2. allow or reject restriction by client IPs or IP range.
@barakmich
Copy link
Contributor

This requires a bit of thought. True; anyone with access to etcd can mess with it. This should evolve as etcd3 acls evolve.

A short term solution is to present a valid gRPC client cert to etcd; only valid users are signed.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/kubernetes integration area/usability component/mount tools kind/design
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@barakmich @nak3