commit | b13b7ffcdb3d37022d4cad4603b9bdacc6c54936 | [log] [tgz] |
---|---|---|
author | Sergiusz Bazanski <q3k@hackerspace.pl> | Thu Aug 29 20:12:24 2019 +0200 |
committer | Sergiusz Bazanski <q3k@hackerspace.pl> | Fri Aug 30 23:08:18 2019 +0200 |
tree | fa2309b04edc36fe855f9e344dae4a91ef376add | |
parent | d16454badc639bcec7ab4b54e7fe6a897b6052af [diff] |
prod{access,vider}: implement Prodaccess/Prodvider allow issuing short-lived certificates for all SSO users to access the kubernetes cluster. Currently, all users get a personal-$username namespace in which they have adminitrative rights. Otherwise, they get no access. In addition, we define a static CRB to allow some admins access to everything. In the future, this will be more granular. We also update relevant documentation. Change-Id: Ia18594eea8a9e5efbb3e9a25a04a28bbd6a42153