You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Mar 14, 2023. It is now read-only.
Issue scenario: A big company want to use the grafana-operator to host multiple different grafana instances with multiple different dashboards/datasources.
The company use different grafana instances to separate data sharing between the teams.
If a malicious user with namespace access want to get access to the grafanadatasource of another team all he needs to do is to create a grafana instances that matches the same labels that the other team uses.
Solution
You could argue that this is something that the cloud administrators should think about and hinder by setting ValidatingAdmissionWebhooks.
But a general best practice to follow is to make a project as easy as possible to use securely.
To make this I think that we should introduce a new config value to the grafanadatasource and grafanadashboard being something like namespaceLocalOnly which should be true by default.
If this value is true the operator won't sync to any grafana instance outside of that namespace.
I still think it's important to support being able to have a single grafana instances that multiple users/teams/namespace can contribute to. But I think the general use case will be one grafana instance in one namespace with the same datasource and dashboards in the same namespace.
The text was updated successfully, but these errors were encountered:
This solves a real problem, but we need a descriptive name for the field and point it out in documentation that this is the default behaviour. If you want you can have dashboards in one and Grafana in another namespace.
Issue scenario: A big company want to use the grafana-operator to host multiple different grafana instances with multiple different dashboards/datasources.
The company use different grafana instances to separate data sharing between the teams.
If a malicious user with namespace access want to get access to the grafanadatasource of another team all he needs to do is to create a grafana instances that matches the same labels that the other team uses.
Solution
You could argue that this is something that the cloud administrators should think about and hinder by setting ValidatingAdmissionWebhooks.
But a general best practice to follow is to make a project as easy as possible to use securely.
To make this I think that we should introduce a new config value to the
grafanadatasource
andgrafanadashboard
being something likenamespaceLocalOnly
which should be true by default.If this value is true the operator won't sync to any grafana instance outside of that namespace.
I still think it's important to support being able to have a single grafana instances that multiple users/teams/namespace can contribute to. But I think the general use case will be one grafana instance in one namespace with the same datasource and dashboards in the same namespace.
The text was updated successfully, but these errors were encountered: