You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RBAC authorization mode is a flexable and finer-grained authorization mode. The k8s engineers can reuse their security configurations on cloudcore. However, RBAC is complex, it cloud take us several months to implement this feature.
Secondly, we can also utilize the user impersonation mechanism. By adding special HTTP headers, cloudcore acts as the kubelet on a normal worker node. All of authorization modes are supported. However, it's hard to trace the requests from edge nodes.
What would you like to be added/modified:
Add admission for some operations from edge to cloud, like pod deletion, node register.
FYI: https://github.com/kubernetes/kubernetes/blob/master/plugin/pkg/admission/noderestriction/admission.go
Why is this needed:
Security Enhancement
The text was updated successfully, but these errors were encountered: