[Feature] non-k8s resource authz expansion #36

Closed
weilaaa opened this issue Aug 31, 2021 · 0 comments · Fixed by #40
weilaaa commented Aug 31, 2021

Why do we need non-k8s resource authz expansion?

Assume that we have a bookinfo server and we want to decide who can access bookinfo, and how.

How to expand authz of non-k8s resource?

Introduce a new CRD, ExternalResource, for mapping non-k8s resources so that we can use them as general k8s resources in RBAC.

```yaml
# Maps the non-k8s resource "bookinfo" to a cluster-scoped custom resource.
apiVersion: extension.kubecube.io/v1
kind: ExternalResource
metadata:
  name: bookinfo
spec:
  namespaced: false
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: platform-admin
rules:
  # ...
  # RBAC apiGroups take the API group name only, without the version.
  - apiGroups:
      - "extension.kubecube.io"
    resources:
      - externalresources
    resourceNames:
      - bookinfo
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - deletecollection
      - patch
      - update
```
weilaaa linked a pull request Oct 13, 2021 that will close this issue
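
How a rule like the one in this issue is matched under standard Kubernetes RBAC semantics, as an added example that is not part of the original issue or KubeCube's own code. The `Rule`, `Request`, `Allows` and `BookinfoRule` names are hypothetical, and the request attributes (group `extension.kubecube.io`, resource `externalresources`) are assumptions about what the caller hands to the authorizer. It shows that `resourceNames` only matches requests carrying that exact name, and that `apiGroups` is compared against the group name alone.

```go
package main

import "fmt"

// Rule carries the PolicyRule fields used in the ClusterRole from the issue.
type Rule struct{ APIGroups, Resources, ResourceNames, Verbs []string }

// Request is what the authorizer sees. Name is empty for create,
// deletecollection, and list/watch without a metadata.name field selector.
type Request struct{ Verb, APIGroup, Resource, Name string }

// has reports whether list contains v or the "*" wildcard.
func has(list []string, v string) bool {
	for _, s := range list {
		if s == "*" || s == v {
			return true
		}
	}
	return false
}

// Allows follows Kubernetes RBAC matching: verb, API group and resource must
// match, then resourceNames (if set) must contain the exact request name.
func Allows(r Rule, q Request) bool {
	if !has(r.Verbs, q.Verb) || !has(r.APIGroups, q.APIGroup) || !has(r.Resources, q.Resource) {
		return false
	}
	if len(r.ResourceNames) == 0 {
		return true // rule is not restricted by name
	}
	for _, n := range r.ResourceNames {
		if n == q.Name { // exact comparison, names have no wildcard
			return true
		}
	}
	return false
}

// BookinfoRule is a constructed copy of the issue's rule with a shortened verb list.
func BookinfoRule(group string) Rule {
	return Rule{[]string{group}, []string{"externalresources"}, []string{"bookinfo"},
		[]string{"get", "list", "create"}}
}

func main() {
	g := "extension.kubecube.io" // assumed group on the incoming request
	r := BookinfoRule(g)
	fmt.Println(Allows(r, Request{"get", g, "externalresources", "bookinfo"}))
	fmt.Println(Allows(r, Request{"create", g, "externalresources", ""}))
	fmt.Println(Allows(BookinfoRule(g+"/v1"), Request{"get", g, "externalresources", "bookinfo"}))
}
```

Verbs whose requests carry no object name (`create`, `deletecollection`, unfiltered `list` and `watch`) are not granted by a rule that sets `resourceNames`, so listing them there has no effect.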