Replies: 2 comments 5 replies
-
Hi @steled, Given that cluster owners have "cluster admin" / "root" permissions on the user cluster, it's not possible to deny them access. Cloud provider credentials are necessary for some functionality located within the cluster (e.g. CSI drivers), that's the reason the secret exists. We are aware that users prefer not to expose credentials to cluster owners and are working on removing dependencies on it, so we can eliminate it eventually. One of the major changes necessary for that is #11985. |
Beta Was this translation helpful? Give feedback.
-
Hi @embik, thanks for the reply. |
Beta Was this translation helpful? Give feedback.
-
Hi,
after the deployment of an user cluster we found out that our DC credentials are available in the
kube-system
namespacecloud-config
secret.For example:
Unfortunately in this secret are the needed credentials for the provider stored.
Is it possible to remove this secret or can we deny the access to this secret so that the user of the cluster are not able to see the credentials?
Beta Was this translation helpful? Give feedback.
All reactions