traefik controller access to secrets #1707

Merged
merged 1 commit into from Jul 7, 2017

@spinto spinto commented Jun 3, 2017

The traefik controller shall have access to secrets for the k8s basic authentication (#1488) to work

@Slahser Slahser left a comment

Yeah, I think this PR should be merged; some people fix this issue themselves.

@timoreimann

I wonder if we should formulate this in a more conditional manner. Presumably, secrets access will only be required by those that actually use basic authentication?

@timoreimann

Answering myself:

> I wonder if we should formulate this in a more conditional manner. Presumably, secrets access will only be required by those that actually use basic authentication?

Sadly, Traefik does not conditionally watch for secrets as of now. See also #1784.

So this one seems okay.

@timoreimann timoreimann left a comment

@dtomcej @errm WDYT?

@errm errm left a comment

This LGTM as an example that should work in all cases.

In practice if I were paranoid I would probably use a more granular rule here:

```yaml
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["name-of-a-secret"]
  verbs: ["get","list","watch"]
```
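
To tell an unrestricted secrets rule apart from the granular `resourceNames` rule in the comment above, the following added example (not code from this PR or from Traefik) audits role objects for read access to Secrets. The sample roles, their names and the `web` namespace are constructed for illustration.

```python
import json

READ_VERBS = {"get", "list", "watch"}
# Constructed sample (made-up names) shaped like `kubectl get roles -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "ClusterRole", "metadata": {"name": "ingress-broad"},
  "rules": [{"apiGroups": [""], "resources": ["services", "secrets"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "Role", "metadata": {"name": "ingress-granular", "namespace": "web"},
  "rules": [{"apiGroups": [""], "resources": ["secrets"],
             "resourceNames": ["name-of-a-secret"],
             "verbs": ["get", "list", "watch"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "wildcard"},
  "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
 {"kind": "ClusterRole", "metadata": {"name": "no-secrets"},
  "rules": [{"apiGroups": ["extensions"], "resources": ["ingresses"], "verbs": ["get"]}]}
]}
""")


def covers(values, wanted):
    """True if an RBAC list names `wanted` or contains the '*' wildcard."""
    return "*" in values or wanted in values


def secret_read_findings(role_list):
    """Return (kind, name, scope, verbs) per rule that can read Secrets."""
    findings = []
    for role in role_list.get("items", []):
        for rule in role.get("rules") or []:
            # Secrets live in the core ("") API group.
            if not (covers(rule.get("apiGroups", []), "")
                    and covers(rule.get("resources", []), "secrets")):
                continue
            verbs = set(rule.get("verbs", []))
            granted = READ_VERBS if "*" in verbs else verbs & READ_VERBS
            if not granted:
                continue
            names = rule.get("resourceNames") or []
            scope = "named:" + ",".join(names) if names else "any-secret"
            findings.append((role["kind"], role["metadata"]["name"],
                             scope, sorted(granted)))
    return findings


if __name__ == "__main__":
    for finding in secret_read_findings(SAMPLE):
        print(*finding)
```

Bindings are not inspected, so the output shows what each role could grant once bound.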

@dtomcej dtomcej left a comment

LGTM

:shipit:

The traefik controller shall have access to secrets for the k8s basic authentication (traefik#1488) to work