Allow customization of authorization mode kubeAPIServer args #9740

Open
aaronschweig opened this issue May 13, 2024 · 1 comment
Labels
kind/api-change API change with impact on API users kind/enhancement Enhancement, improvement, extension

Comments

@aaronschweig

How to categorize this issue?
/area control-plane
/kind api-change
/kind enhancement

What would you like to be added:

Hello Team 👋

We would like to benefit from the ability to use custom Kubernetes authorization webhooks in order to give a Gardener-provided control plane the ability to defer authorization decisions to an external authorization engine like OpenFGA.

The ability to be able to configure the necessary Kubernetes API server args via the Shoot CRD would be needed in order to achieve our desired result.

Why is this needed:

This change is needed to enable users of Gardener to profit from all the features that Kubernetes provides in regards to authorization modes. We would like to use this feature within the context of the ORA project, so all contributors are able to use a central authorization engine, which is able to give authorization decisions in every layer of the product.

Thanks a lot and let me know in case any other input is needed!

@gardener-prow gardener-prow bot added kind/api-change API change with impact on API users kind/enhancement Enhancement, improvement, extension labels May 13, 2024
@rfranzke
Member

We have to discuss to what extent we can expose this such that users cannot exclude/block gardenlet's operations on Shoots with their authz webhooks.
