Open stjudecloud-cloudy opened 4 years ago
Uhmm, we have to analyze it. Currently, when a `permissionmanageruser` is created, then a `serviceaccount` is created too. So all bindings stick to the `serviceaccount` subject.
A change to 🔝 behaviour is a major change that we have to evaluate, but we understand the situation.
This is just creating a service account. We would like to see more functionality, like Roles and Role bindings. As per the document, a service account is just for applications and jobs.
In Azure AKS, users can have access granted either by their AD group membership or directly using their AD user ID. It would be extremely useful if user access management could be done using permission-manager.
In order to achieve it, it would be necessary to allow different kinds of subjects for both clusterrolebinding and rolebinding. This is an example of clusterrolebinding used for assigning RBAC to AD group:
Similarly, `kind: User` can be used to grant a specific user access to Kubernetes using RBAC. Ideally, the web interface should allow creation of different kinds of subjects and use the created subjects for access grants.
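
The three subject kinds discussed in this thread, side by side, as an added illustration that is not part of the original issue or of permission-manager's own manifests. Every name, namespace and ID below is a placeholder, and `view` is the built-in Kubernetes ClusterRole.

```yaml
# Added example; all names, namespaces and IDs are placeholders.
# 1) ServiceAccount subject: the shape the thread says bindings use today.
#    ServiceAccount subjects are namespaced and carry no RBAC apiGroup.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: example-sa-view
  namespace: example-namespace
subjects:
  - kind: ServiceAccount
    name: example-user
    namespace: example-namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
---
# 2) Group subject: access follows AD group membership.
#    With AD-integrated AKS the name is the group's object ID.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-ad-group-view
subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: "<AD-GROUP-OBJECT-ID>"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
---
# 3) User subject: access granted to one AD identity, scoped to a namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: example-ad-user-view
  namespace: example-namespace
subjects:
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: "<AD-USER-ID>"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
```

Group and User names are only strings to the API server; they resolve to real identities through the cluster's authenticator, so a binding with a mistyped ID is accepted and simply never matches.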