Closed chrisdoherty4 closed 2 years ago
Is the idea to have cluster wide Secret read as the default RBAC or can we instead have the default manifest that Rufio generates to have everything namespaced? This allows the users to modify the manifest to how they want their cluster permissions to look like.
I'm proposing cluster wide read access by default to enable a functional out of the box Rufio.
Trying to restrict to a subset of namespaces requires knowing what those namespaces are which isn't possible (for codification purposes) as the operator defines them. This approach is adopted by several open source projects already because Kubernetes doesn't offer a way to model transitive access.
I've been told transitive access is in the works upstream in Kubernetes and will allow operators to define "I can read B if B is referenced by A and I have read access to A" semantics, which is really what we want.
The default RBAC deployed with Rufio doesn't let it read secrets across namespaces. This is problematic as secrets containing BMC credentials are referenced by Machine resources and could reside in a different namespace.
Kubernetes doesn't currently offer a way to model access to secrets referenced from existing objects so it's common practice to allow cluster wide reads and let consumers reconfigure the RBAC to their needs on deployment.
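The two RBAC shapes discussed in this thread side by side, as an added example that is not Rufio's own manifest: the cluster-wide default (a ClusterRole bound with a ClusterRoleBinding) and the narrowed form a consumer can deploy instead (the same ClusterRole bound with a RoleBinding in each namespace that holds BMC credential Secrets). The ServiceAccount name `rufio-controller`, its namespace `rufio-system` and the credential namespace `bmc-creds` are assumptions for illustration.

```yaml
# Added example, not Rufio's shipped manifest. Assumed names:
# ServiceAccount rufio-controller in namespace rufio-system,
# and a namespace bmc-creds that holds BMC credential Secrets.
---
# Read-only access to Secrets. A ClusterRole carries no scope of its own;
# the binding below decides whether it applies cluster-wide or per namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: rufio-secret-reader
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list", "watch"]
---
# Default shape from the issue: cluster-wide binding, so the controller can
# read any Secret a Machine references regardless of namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: rufio-secret-reader
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rufio-secret-reader
subjects:
  - kind: ServiceAccount
    name: rufio-controller
    namespace: rufio-system
---
# Narrowed alternative a consumer deploys instead of the ClusterRoleBinding:
# the same ClusterRole, but granted only inside bmc-creds. Repeat this
# RoleBinding for every namespace that is allowed to hold BMC credentials.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: rufio-secret-reader
  namespace: bmc-creds
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: rufio-secret-reader
subjects:
  - kind: ServiceAccount
    name: rufio-controller
    namespace: rufio-system
```

To confirm the narrowed form took effect, impersonate the service account with `kubectl auth can-i get secrets --as=system:serviceaccount:rufio-system:rufio-controller -n bmc-creds` (expect `yes`) and again with `-n kube-system` (expect `no`). One caveat with the per-namespace form: a controller whose informer lists and watches Secrets cluster-wide will get a Forbidden error, so the controller's Secret cache has to be restricted to the bound namespaces for this RBAC layout to work.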