Uploaded image for project: 'OpenShift Monitoring'
  1. OpenShift Monitoring
  2. MON-1561

Implement static authorizer in upstream kube-rbac-proxy

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • False
    • False
    • NEW
    • NEW
    • Undefined
    • Monitoring - Sprint 199, Monitoring - Sprint 200
    • 0

      To save on API resources, the downstream version of kube-rbac-proxy includes a patch which allows all requests to the /metrics endpoint when authenticated by the prometheus-k8s service account. The goal here is to avoid sending subject access reviews to the Kubernetes API.

      Instead of maintaining a downstream patch, the upstream version should support static authorization mapping and all components using kube-rbac-proxy for metrics authn/authz should be configured to authorize the prometheus-k8s service account.

      DoD:

            surbania Sergiusz Urbaniak (Inactive)
            spasquie@redhat.com Simon Pasquier
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: