Skip to content

Multi-DC permissions hardening #2577

New issue
New issue
Open
Open
Multi-DC permissions hardening#2577
Labels
area/securitypriority/important-longtermImportant over the long term, but may not be staffed and/or may need multiple releases to complete.
@mflendrich

Description

@mflendrich
mflendrich
opened on Apr 7, 2025

Stemming from #2524 (comment).

With an understanding that in a Multi-DC setup granting all verbs access across secrets and configmaps in all namespaces means effectively granting unconditional cluster-admin to the RemoteKubernetesCluster representing the remote DC, there is a need to empower the users of automated multi-DC to grant a narrower set of permissions to the control-plane cluster.

Acceptance Criteria

  • It is possible to run automated multi-DC with API access to a remote k8s cluster limited to a predefined set of namespaces.
  • It is possible restrict that access down to a small set of secret/configmap names to guarantee prevention of injection of config into 3rd party apps in the cluster (or even in the specified namespace - that can be running 3rd party components, like a service mesh).

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/securitypriority/important-longtermImportant over the long term, but may not be staffed and/or may need multiple releases to complete.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions