This repository has been archived by the owner on Aug 4, 2020. It is now read-only.

Should we handle rbac for Kubernetes #28

Closed
carlioth opened this issue Oct 6, 2017 · 1 comment
Comments

carlioth commented Oct 6, 2017

Kubernetes offers RBAC (role-based access control).
This is something that is enabled when starting your API server with the parameter:
--authorization-mode=RBAC
To test this in minikube:
minikube start --extra-config=apiserver.Authorization.Mode=RBAC
If this is enabled, you need to give Mira's sidecar container (kubectl) specific permissions to query the API.
More info here:
https://kubernetes.io/docs/admin/authorization/rbac/

Discovery role should be sufficient:
https://kubernetes.io/docs/admin/authorization/rbac/#discovery-roles

Helm and RBAC:
https://github.com/kubernetes/helm/blob/master/docs/service_accounts.md
Issue describing the problem with Helm and RBAC:
helm/helm#2224

Good walkthrough of RBAC:
https://docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
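
A least-privilege way to grant the sidecar its permissions, as an added example that is not part of the original issue or of the Mira project. The service account name `mira`, the namespace `default`, and the assumption that the sidecar only needs to read pods are all hypothetical; adjust the resource list to what the discovery actually queries.

```yaml
# Added example. Names and the resource list are assumptions, not taken from Mira.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mira              # hypothetical service account for the pod running the kubectl sidecar
  namespace: default      # hypothetical namespace
---
# Read-only Role scoped to a single namespace (a Role, not a ClusterRole).
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: mira-pod-reader
  namespace: default
rules:
  - apiGroups: [""]                    # "" is the core API group
    resources: ["pods"]                # assumption: discovery only reads pods
    verbs: ["get", "list", "watch"]    # no create, update, delete or exec
---
# Bind the Role to the service account, and to nothing else.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: mira-pod-reader
  namespace: default
subjects:
  - kind: ServiceAccount
    name: mira
    namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: mira-pod-reader
# Do not bind the account to cluster-admin to make authorization errors go away:
# that gives the sidecar every verb on every resource in the cluster.
```

The pod has to run under the account (`spec.serviceAccountName: mira`). `kubectl auth can-i list pods --as=system:serviceaccount:default:mira` should answer yes, and the same check with `delete` should answer no.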

@carlioth
Contributor Author

We will be looking more at ABAC right now. Closing for now.
