White paper on security and cluster isolation for kubernetes. #86
Comments
@kerneltime the problem was a permission issue on the vCenter. Do you think it is possible to add in the documentation a list of permissions that are needed?
@cvauvarin yes of course, can you elaborate on the permissions problem? Last time you mentioned that the disk was attached to the VM; I am not sure why permissions made a difference.
Yes the disk was attached to the VM but the Here is the list of the permissions we applied:
Don't think it was a problem of reading the uuid; do you think it can be a problem writing some metadata?
Thank you for the additional info.
This issue tracks the list of privileges the user needs to specify in vSphere UI in order to configure vSphere cloud provider.
A hacky reference between API spec and UI spec
Partial list
The goal here is to have a white paper that explains what is possible to isolate the credentials used in Kubernetes, what level of isolation is achieved, and the gaps that a customer should be aware of.
Updated Getting Started Guide with minimal set of privileges required for vSphere Cloud Provider
Updated k8s-anywhere prerequisites section with privileges required for Kubernetes-Anywhere.
Updated documentation with required set of roles and permissions required for Kubernetes vsphere cloud provider.