Proposal: Integrate Gatekeeper and Casbin into KubeSphere #4139
Comments
I found that casbin/kubesphere-authz is a newly launched project. It seems that it is not fully developed enough; until then we can invite more community users to test.
Greetings. I am actually the developer of casbin/kubesphere-authz. Indeed casbin/kubesphere-authz isn't fully developed yet, but I've already been made aware of this proposal, and currently I am actively cooperating with @sagilio. I shall do my utmost to fulfill and implement casbin/kubesphere-authz to make it keep pace with the development schedule of ks.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
@sagilio @ComradeProgrammer any update on this issue?
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.
/kind feature
Background
PodSecurityPolicy (PSP) has been stuck in beta since it was introduced in Kubernetes 1.3 and is now being deprecated in Kubernetes 1.21, which starts the countdown to its removal.
Kubernetes also allows decoupling policy decisions from the inner workings of the API Server by means of admission controller webhooks, which are executed whenever a resource is created, updated or deleted, so we can use some third-party controllers instead of it.
Proposal
Gatekeeper is a validating (mutating TBA) webhook that enforces CRD-based policies executed by Open Policy Agent. We can integrate Gatekeeper into KubeSphere, and manage the common rules and policies through CRD.
Casbin is an authorization library that supports access control models like ACL, RBAC, ABAC and has many users, and the Casbin community will do its best to support this feature. Trace issue: casbin/kubesphere-authz#4
I think this feature can support these points:
What things do we need to do?
/area security
/kind proposal