Comments (6)
@ashish493 can we use this repo to do the authz task for KubeSphere ?
from k8s-authz.
@hsluoyz, yes we can use this repo to do the authz task in kubesphere, but since at present, our repo provides authz for only the operations for pods, I doubt whether it would be highly functional enough for them to integrate it. I will create issues related to it for the addition of features such as to extend the authz for clusters and namespaces of k8s. Let me know what do you think.
Updates related to previous work:-
- I have changed the logo to a transparent background as asked in my fork.
- I will be adding the tests in a day or two.
from k8s-authz.
@ashish493 sounds good! We aim to be a complete authz solution for k8s and its ecosystem. When it's ready, I will promote this project to kubesphere owners for adoption. You can also send small size PRs at times to this origin repo, so we can know its status better.
from k8s-authz.
Thanks @hsluoyz , I will try my best to complete it and make it a successful project.
from k8s-authz.
@hsluoyz , There are various resources in k8s such as pods, jobs, services, endpoints. These resources each have their own operations get,list,watch,create,patch,update,read
and much more.
As of now, our authz supports only create,update,delete,connect
and for only one resource which is for pods. I can easily extend its operations to all existing operations by changing a single line. These operations can be easily defined on the casbin policies like this :
p, role:reader, read
p, role:writer, write
But my doubt is that, how can I define those operations and roles for a different resource in casbin?
Likw do we have to create a separate policy file or something?
from k8s-authz.
Done at: https://github.com/casbin/kubesphere-authz
from k8s-authz.
Related Issues (15)
- The automated release is failing 🚨 HOT 1
- Fix the coverage badge HOT 2
- Make an authorization plugin/middleware for kubernetes (k8s) HOT 4
- Add unit tests to improve test coverage
- Add this k8s-authz middleware to the official list HOT 4
- Fail to run docker build HOT 4
- [Support] setting up k8s authz HOT 11
- link 404 error HOT 2
- error: error validating "deployment.yaml": error validating data: [ValidationError(ValidatingWebhookConfiguration.webhooks[0]): missing required field "sideEffects" in io.k8s.api.admissionregistration.v1.ValidatingWebhook, ValidationError(ValidatingWebhookConfiguration.webhooks[0]): missing required field "admissionReviewVersions" in io.k8s.api.admissionregistration.v1.ValidatingWebhook]; if you choose to ignore these errors, turn validation off with --validate=false HOT 1
- 1 dispatcher.go:129] Failed calling webhook, failing open casbin.default.svc: failed calling webhook "casbin.default.svc": Post "https://casbin.default.svc:443/validate?timeout=5s": x509: certificate is not valid for any names, but wanted to match casbin.default.svc HOT 5
- http: TLS handshake error from 192.168.1.41:24206: remote error: tls: bad certificate HOT 2
- export CA_BUNDLE=$(cat certs/ca.crt | base64 | tr -d '\n') cat deployment.yaml | envsubst > deployment.yaml HOT 1
- Add GitHub Actions CI to run the tests HOT 2
- GitHub Actions Run failed: Go - master (3560551) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from k8s-authz.