Open grampelberg opened 5 years ago
@grampelberg @admc could you please assign this to me? Thanks :)
Note: it is probably worth using smi-metrics where it can be used and expanding the spec where it isn't usable instead of creating a new one-off APIService.
Hi ! I’m exactly in this use-case, do you currently work on it ? Thanks
@PierrePIRONIN I believe that @alenkacz is currently looking into it. You can use smi-metrics as is to do something similar though.
Historical
Many organizations have teams sharing the same cluster which should not see each other's data (multi-tenant). This was addressed for tap as part of #2725. Now that it is possible to have granular, Kubernetes based RBAC policies for tap, statistics should provide a similar benefit.
Description
Introduce view isolation for metrics, defined by Kubernetes RBAC, to provide multi-tenancy to security conscious organizations. We previously have done this using an APIService for tap functionality.
The smi-metrics project already implements Linkerd metrics as an APIService. This has the added value of dogfooding smi-metrics and providing common tooling for other integrations in the future.
Details