Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Proposal] KubeZoo supports using service account tokens to identify tenants without sa.pub and sa.key #35

Open
Tracked by #37
caohe opened this issue Feb 6, 2023 · 1 comment
Open
Tracked by #37

[Proposal] KubeZoo supports using service account tokens to identify tenants without sa.pub and sa.key #35

caohe opened this issue Feb 6, 2023 · 1 comment
Labels
enhancement New feature or request
Milestone
v0.3.0

Comments

@caohe
Copy link
Member

caohe commented Feb 6, 2023

What would you like to be added?

KubeZoo supports identifying tenants with service account tokens by transparently passing tokens to the upstream cluster. That is, kubezoo does not need to authenticate tenants, while the upstream cluster authenticates them.

Why is this needed?

Currently, KubeZoo supports identifying tenants with service account tokens. This requires the admin to provide sa.pub and sa.key of the upstream cluster when deploying KubeZoo. However, users cannot access sa.pub and sa.key on some public clouds.

Therefore, KubeZoo needs to support using service account tokens to identify tenants without sa.pub and sa.key.
@caohe caohe added the enhancement New feature or request label Feb 6, 2023
@caohe caohe added this to the v0.3.0 milestone Feb 6, 2023
@caohe caohe mentioned this issue Feb 6, 2023
Open
4 tasks
@caohe caohe moved this to 📋 Backlog in KubeZoo Development Dashboard Feb 6, 2023
@SOF3
Copy link
Member

SOF3 commented Feb 7, 2023
edited
Loading

Related: #29 is blocking on this issue and/or #34 since the coredns pod should authenticate as the tenant using its own serviceaccount in the tenant namespace.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
KubeZoo Development Dashboard
Status: 📋 Backlog
Milestone
v0.3.0
Development

No branches or pull requests
2 participants
@caohe @SOF3