Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Future-proof users & tokens #58

Closed
thedodd opened this issue Jun 9, 2021 · 1 comment
Closed

Future-proof users & tokens #58

thedodd opened this issue Jun 9, 2021 · 1 comment
Labels
A-auth Authentication and authorization
Milestone
First Release

Comments

@thedodd
Copy link
Collaborator

thedodd commented Jun 9, 2021

Tokens

Users may very likely want to have tokens issued from some other security provider, such as Vault or perhaps some cloud specific system. As such, it would be good to at least leave the model open such that various token provider backends may be used.

  • Review any such possibilities, primarily with Vault or SealedSecrets.
  • If there are such possibilities which match with the Hadron use case, then review if we should refactor the Token CRD or just leave open a design for new CRD types which could be specific to the various backends.

Users

Ultimately the plan is to support basic auth user creds for access to the observability/metrics/monitoring interface exposed by Hadron.

  • With the new User CRD, we will likely have the model define a reference to a secret in the same cluster, and the credentials will be extracted from the secret and used as a source for user auth.
  • This approach would work well with standard k8s basic-auth secrets as well as SealedSecrets (ultimately the same thing), and any other option which generates a k8s manifest which we can reference.
@thedodd thedodd added server A-auth Authentication and authorization labels Jun 9, 2021
@thedodd thedodd added this to the First Release milestone Jun 9, 2021
@thedodd
Copy link
Collaborator Author

thedodd commented Aug 16, 2021

Superseded by RFC 008.

@thedodd thedodd closed this as completed Aug 16, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-auth Authentication and authorization
Projects
None yet
Milestone
First Release
Development

No branches or pull requests
1 participant
@thedodd