This repository has been archived by the owner on Aug 4, 2020. It is now read-only.
Should we handle rbac for Kubernetes #28
Labels
Comments
|
We will be looking more to abac right now. Closing for now. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Kubernetes offers rbac (Role based access controll)
This is something that is enabled when starting your api server with parameter:
--authorization-mode=RBACTo test this in minikube:
minikube start --extra-config=apiserver.Authorization.Mode=RBACIf this is enabled you need to give Mira's sidecart container (kubectl) specific permissions to query the api.
More info here:
https://kubernetes.io/docs/admin/authorization/rbac/
Discovery role should be sufficient:
https://kubernetes.io/docs/admin/authorization/rbac/#discovery-roles
Helm and rbac:
https://github.com/kubernetes/helm/blob/master/docs/service_accounts.md
Issue describing the problem with helm and rbac:
helm/helm#2224
Good walkthrou of rbac:
https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
The text was updated successfully, but these errors were encountered: