Support more fine-grained access control #4147
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
Hcryw
added
the
kind/feature
|
Do you mean add built-in clusterroles and so users can use them go generate different access? |
Yes,we may then create clusterrolebindings to bind to certain users in our clusters. |
|
I think we can enhance it |
That's great, here is the PR: #4174 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What is the problem you're trying to solve
In multi-tenant environments or scenarios with multiple user access control, we may want to provide specific permissions for different users or service accounts. So we need certain roles to help us achieve permission isolation within a Kubernetes cluster, ensuring that different users can only access the resources they need, without being able to access other resources freely.
Describe the solution you'd like
Take Kuberay as an example, two clusterroles are provided: ray_rayjob_editor_role and ray_rayjob_viewer_role, the former allows editing rayjobs, while the latter can only query rayjobs.
https://github.com/ray-project/kuberay/blob/master/helm-chart/kuberay-operator/templates/ray_rayjob_editor_role.yaml
https://github.com/ray-project/kuberay/blob/master/helm-chart/kuberay-operator/templates/ray_rayjob_viewer_role.yaml
So we wonder if we can add certain clusterroles in Volcano to support more fine-grained access control.
Additional context
No response
The text was updated successfully, but these errors were encountered: