
Services need fine-grained permissions #8723

@erictune


We may want to let users create services, but not let them use all the possible options.

  • often we might not want a user to be allowed to pick ServiceType = NodePort because this consumes global resources.
  • possibly we might not want a user to be allowed to pick ServiceType = LoadBalancer, since this exposes services outside the cluster.
  • Possibly user-specified PortalIP needs restriction too?

For Pods we have a proposal to make a SecurityConstraint that controls some security sensitive fields which are grouped into a SecurityContext. Does this pattern apply to service as well in some way?

Sometimes we want to let a principal create pods, but not allow them to use all the possible options on pods. One way we are looking at doing this is to group some sensitive options
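As an added illustration, not code from this issue or from Kubernetes itself, the following Go sketch shows what a per-principal constraint on Services could look like if the SecurityConstraint pattern the issue mentions for pods were applied to Services. The `ServiceConstraint` type, the admission-check shape (`AdmissionRequest`, `Evaluate`) and the simplified `ServiceSpec` are all hypothetical stand-ins: they are not the real API types from `k8s.io/api`, and the union-of-matching-constraints semantics and default-deny fallback are design assumptions, chosen so that a principal with no constraint gets only the least privileged shape (a ClusterIP service with an allocated IP).

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ServiceSpec holds only the fields this check looks at. It is a constructed
// stand-in for the real Kubernetes Service spec, not the k8s.io/api type.
type ServiceSpec struct {
	Type     string // "ClusterIP", "NodePort" or "LoadBalancer"; "" means ClusterIP
	PortalIP string // user-requested IP (the field the issue names); "" lets the apiserver allocate
}

// AdmissionRequest is the principal plus the object being created (constructed, simplified).
type AdmissionRequest struct {
	User   string
	Groups []string
	Spec   ServiceSpec
}

// ServiceConstraint is a hypothetical per-principal policy modelled on the
// SecurityConstraint idea for pods: which service types a subject may request
// and whether it may pin a PortalIP. Subjects are user names or "group:<name>".
type ServiceConstraint struct {
	Subjects      []string
	AllowedTypes  []string
	AllowPortalIP bool
}

// matches reports whether the constraint applies to the requesting principal.
func (c ServiceConstraint) matches(req AdmissionRequest) bool {
	for _, s := range c.Subjects {
		if s == req.User {
			return true
		}
		for _, g := range req.Groups {
			if s == "group:"+g {
				return true
			}
		}
	}
	return false
}

// Evaluate returns the reasons the Service would be rejected for this principal;
// an empty result means admit. All matching constraints are unioned, so adding a
// constraint can only widen what a principal may do, never narrow it.
func Evaluate(req AdmissionRequest, constraints []ServiceConstraint) []string {
	allowedTypes := map[string]bool{}
	allowPortalIP := false
	matched := false
	for _, c := range constraints {
		if !c.matches(req) {
			continue
		}
		matched = true
		for _, t := range c.AllowedTypes {
			allowedTypes[t] = true
		}
		allowPortalIP = allowPortalIP || c.AllowPortalIP
	}
	if !matched {
		// Default-deny: no constraint means the least privileged shape only.
		allowedTypes["ClusterIP"] = true
	}

	svcType := req.Spec.Type
	if svcType == "" {
		svcType = "ClusterIP"
	}
	var reasons []string
	if !allowedTypes[svcType] {
		allowed := make([]string, 0, len(allowedTypes))
		for t := range allowedTypes {
			allowed = append(allowed, t)
		}
		sort.Strings(allowed)
		reasons = append(reasons, fmt.Sprintf("spec.type %q not permitted for %s; allowed: %s",
			svcType, req.User, strings.Join(allowed, ",")))
	}
	if req.Spec.PortalIP != "" && !allowPortalIP {
		reasons = append(reasons, fmt.Sprintf("explicit PortalIP %q not permitted for %s", req.Spec.PortalIP, req.User))
	}
	return reasons
}

func main() {
	// Constructed policy: developers get ClusterIP only; alice may use everything.
	constraints := []ServiceConstraint{
		{Subjects: []string{"group:developers"}, AllowedTypes: []string{"ClusterIP"}},
		{Subjects: []string{"alice"}, AllowedTypes: []string{"ClusterIP", "NodePort", "LoadBalancer"}, AllowPortalIP: true},
	}
	requests := []AdmissionRequest{
		{User: "bob", Groups: []string{"developers"}, Spec: ServiceSpec{Type: "NodePort"}},
		{User: "bob", Groups: []string{"developers"}, Spec: ServiceSpec{PortalIP: "10.0.0.9"}},
		{User: "alice", Spec: ServiceSpec{Type: "LoadBalancer", PortalIP: "10.0.0.5"}},
		{User: "mallory", Spec: ServiceSpec{Type: "NodePort"}},
	}
	for _, req := range requests {
		if reasons := Evaluate(req, constraints); len(reasons) == 0 {
			fmt.Printf("%-8s admitted\n", req.User)
		} else {
			fmt.Printf("%-8s denied: %s\n", req.User, strings.Join(reasons, "; "))
		}
	}
}
```

The two checks are deliberately independent: a request can be denied for the service type, for the pinned PortalIP, or for both, and every reason is reported so the user sees the whole gap rather than fixing one field at a time.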


Labels

  • kind/design: Categorizes issue or PR as related to design.
  • priority/backlog: Higher priority than priority/awaiting-more-evidence.
  • sig/api-machinery: Categorizes an issue or PR as relevant to SIG API Machinery.
  • sig/auth: Categorizes an issue or PR as relevant to SIG Auth.
  • sig/network: Categorizes an issue or PR as relevant to SIG Network.
