You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
What would you like to be added:
Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run cloud-native applications in multiple Kubernetes clusters and cloud platforms without changing the application. By using Kubernetes native APIs and providing advanced scheduling capabilities, Karmada implements truly open, multi-cloud Kubernetes.
Karmada project uses RBAC authentication to regulate control access to computer or network resources. If too much resource object access is assigned when configuring RBAC it can lead to privilege abuse to the point where an attacker extends the battle and penetrates the cluster. If too little access to resource objects is assigned when configuring RBAC, it can lead to component functionality anomalies.
Therefore, we plan to sort out the minimum set of RBAC permissions required for Karmada components, amend the current recommended RBAC configuration for Karmada bins to be in line with the RBAC Least Privilege Principle, and ultimately use it to guide Karmada users in configuring RBAC permissions for Karmada components.
OutPuts
A Guidance Document: Karmada Component Minimum RBAC Privilege Set
Function Implementation: Karmada Component RBAC Privilege Minimization
Test Coverage: Writing test cases to cover the added functionality
The text was updated successfully, but these errors were encountered:
@zhzhuang-zju: GitHub didn't allow me to assign the following users: B1F030.
Note that only karmada-io members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
What would you like to be added:
Karmada (Kubernetes Armada) is a Kubernetes management system that enables you to run cloud-native applications in multiple Kubernetes clusters and cloud platforms without changing the application. By using Kubernetes native APIs and providing advanced scheduling capabilities, Karmada implements truly open, multi-cloud Kubernetes.
Karmada project uses RBAC authentication to regulate control access to computer or network resources. If too much resource object access is assigned when configuring RBAC it can lead to privilege abuse to the point where an attacker extends the battle and penetrates the cluster. If too little access to resource objects is assigned when configuring RBAC, it can lead to component functionality anomalies.
Therefore, we plan to sort out the minimum set of RBAC permissions required for Karmada components, amend the current recommended RBAC configuration for Karmada bins to be in line with the RBAC Least Privilege Principle, and ultimately use it to guide Karmada users in configuring RBAC permissions for Karmada components.
Project link
https://summer-ospp.ac.cn/org/prodetail/245c40153?list=org&navpage=org
Parts of
#4879
tasks
website:
OutPuts
A Guidance Document: Karmada Component Minimum RBAC Privilege Set
Function Implementation: Karmada Component RBAC Privilege Minimization
Test Coverage: Writing test cases to cover the added functionality
The text was updated successfully, but these errors were encountered: