We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why do we need non-k8s resource authz expansion?
Assumed that we have a bookinfo server and we want to make a decision who can access bookinfo and by how?
How to expand authz of non-k8s resource?
Introduce new crd ExternalResource for mapping non-k8s resource so that we can use it as general k8s resource to rbac
ExternalResource
apiVersion: extension.kubecube.io/v1 kind: ExternalResource metadata: name: bookinfo spec: namespaced: false --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: platform-admin rules: ... - apiGroups: - "extension.kubecube.io/v1" resources: - externalresources resourceNames: - bookinfo verbs: - get - list - watch - create - delete - deletecollection - patch - update
The text was updated successfully, but these errors were encountered:
zhujf1989
weilaaa
Successfully merging a pull request may close this issue.
Why do we need non-k8s resource authz expansion?
Assumed that we have a bookinfo server and we want to make a decision who can access bookinfo and by how?
How to expand authz of non-k8s resource?
Introduce new crd
ExternalResource
for mapping non-k8s resource so that we can use it as general k8s resource to rbacThe text was updated successfully, but these errors were encountered: