Comments (2)
jkremser
commented on August 18, 2024
Could you please elaborate here a bit? I am not sure what you mean by "RBAC's certificates". the new DefaultKubernetesClient() should be 0-configuration mechanism that should create the client possibly from different sources in the following order of priority:
- System properties
- Environment variables
- Kube config file
- Service account token & mounted CA certificate
There is also DefaultKubernetesClient(Config config) constructor where a lot of things can be customized in the config, are you asking about this feature? Because when reading "CRD's that are protected by RBAC" I can imagine the rules in the yaml file like in here ~ "AuthZ" and not certificates. Certificates are often used w/ asymmetric crypto for AuthN rather than AuthZ, but Kubernetes is a huge beast and it's more than possible that I am missing some important feature here :)
from abstract-operator.
despondency
commented on August 18, 2024
Hello,
I think we understood each other, i meant that if i generate a certificate for a user and create a ServiceAccount assigning ClusterRole/Roles to this ServiceAccount, I am used to configuring it with the DefaultKubernetesClient(Config config) constructor, but from what you are typing, it seems you can do it with env vars/system vars or with the kubeconfig on the machine.
Thanks Jiri,
Best,
Mario
from abstract-operator.
Related Issues (20)
- getDesiredSet shouldn't cause the operator crash
- For CRDs add support for short names HOT 1
- OPERATOR_OPERATION_TIMEOUT_MS isn't being used anywhere
- When trying to create non-existent CRDs it doesn't check for spec.group attribute
- Adding namespace to the resources HOT 12
- Strange connection error HOT 2
- Dependabot couldn't authenticate with https://oss.sonatype.org/content/repositories/releases
- New implementation build on the framework HOT 1
- Using framework on OpenShift 4 HOT 4
- Java 12 and Operator detection HOT 2
- microbean-kubernetes-controller
- Bug in Custom resource watcher HOT 1
- [Question] Consuming From another Operator HOT 11
- Leaked HTTP requests due to okhttp in io.fabric8.kubernetes-client
- Rebase on quarkus HOT 1
- What is the main class right now? HOT 1
- Add a way to specify additionalPrinterColumns in the CRDs
- travis can't pull the jdk HOT 1
- How to Use the operator?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from abstract-operator.