-
Notifications
You must be signed in to change notification settings - Fork 226
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Spiffe support #1186
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
marquiz
added
the
kind/feature
Categorizes issue or PR as related to a new feature.
label
Apr 25, 2023
/assign |
This was referenced Oct 23, 2023
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
label
Jan 27, 2024
/remove-lifecycle stale |
k8s-ci-robot
removed
the
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
label
Jan 30, 2024
Only comment, is make sure is optional and easy to enable/disable from HELM |
@ArangoGutierrez yes that's for sure! |
2 tasks
/assign |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
Support SPIFFE for verifying nfd-worker/labeler IDs. For example, utilize spiffe IDs for verifying the identity of creator of NodeFeature objects, so that an actor from node A will not be able to modify properties of node B. This would also add one extra layer of protection (in addition to RBAC) on who is authorized to modify nodes with NodeFeature objects.
To simplify, gRPC could be possibly left out-of-scope, if needed, as it's being phased out.
Inspired by comment from @AhmedGrati on the node-feature-discovery slack channel.
Why is this needed:
Improved security
The text was updated successfully, but these errors were encountered: