Per-controller service accounts #208

@DirectXMan12

For the security-conscious, supporting per-controller service accounts is a nice way to ensure that individual controllers only are allowed to do what they need to do. Ideally, such controllers would each have their own manager and be run in separate pods, but practically, the performance benefits from shared caches, plus the desire to gradually refactor existing multi-controller managers, make the immediate jump to controller-per-pod infeasible.

We'd need to research what would be required to actually make this occur -- IIRC, it's not as "easy" to inject multiple SA tokens into a single pod, but should still be doable.

cc @cheftako

Labels

- kind/feature: Categorizes issue or PR as related to a new feature.
- lifecycle/rotten: Denotes an issue or PR that has aged beyond stale and will be auto-closed.
- priority/backlog: Higher priority than priority/awaiting-more-evidence.