Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add an ability to use kubernetes API proxy on Kubernetes #19813

Closed
sleshchenko opened this issue May 17, 2021 · 1 comment
Closed

Add an ability to use kubernetes API proxy on Kubernetes #19813

sleshchenko opened this issue May 17, 2021 · 1 comment
Labels
area/che-server area/dashboard kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Milestone
7.32

Comments

@sleshchenko
Copy link
Member

Is your task related to a problem? Please describe.

Currently, kubernetes API proxy supports only OpenShift with OAuth enabled.
And this issue is about enabling an ability to use Kubernetes Proxy on Kubernetes.

Describe the solution you'd like

Since we don't have in the session(browser) the identity with which we can access K8s API, proxy would need use ServiceAccount's identity, but to avoid privileges escalation it would additionally need to check if users accessing their default namespace, which should be only available.

Describe alternatives you've considered

It can be done on Che Server K8s API proxy that we have
Or dashboard backend which is not in a place yet

Additional context
@sleshchenko sleshchenko added kind/task Internal things, technical debt, and to-do tasks to be performed. area/dashboard area/che-server labels May 17, 2021
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label May 17, 2021
@sleshchenko sleshchenko added severity/P1 Has a major impact to usage or development of the system. and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels May 17, 2021
@sleshchenko sleshchenko mentioned this issue May 17, 2021
Closed
29 tasks
@skabashnyuk skabashnyuk mentioned this issue May 24, 2021
Closed
13 tasks
@xbaran4 xbaran4 mentioned this issue May 24, 2021
Merged
9 tasks
@skabashnyuk skabashnyuk mentioned this issue May 26, 2021
Closed
11 tasks
@skabashnyuk skabashnyuk modified the milestones: 7.31, 7.32 May 26, 2021
@skabashnyuk skabashnyuk mentioned this issue Jun 3, 2021
Closed
@skabashnyuk
Copy link
Contributor

API is available in k8s. I want to create a separate issue for devworkspace on k8s.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/che-server area/dashboard kind/task Internal things, technical debt, and to-do tasks to be performed. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
7.32
Development

No branches or pull requests
3 participants
@skabashnyuk @sleshchenko @che-bot