RBAC configuration
dealproc opened this issue · 2 comments
dealproc commented
In the event someone is using RBAC within k8s, is there documentation on what access rights must be given to the Silos and Orleans clients so that they can interoperate using the k8s data store?
galvesribeiro commented
This provider doesn't deal directly with RBAC. It assumes that the service account used inside the POD has access to the Kube API Server.
That being said, the answer is "It depends".
- If you are developing on your local machine, keep the full access to the service account or don't use RBAC at all.
- If you are in production, you can:
  - Use RBAC with full access to the service account if you want the silo to create CRDs (not recommended)
  - Pre-deploy the CRDs on the cluster using an admin account with the .yml files provided on this repo. Once the CRDs are deployed, allow the service account to read/write objects based on those CRDs. (recommended)
galvesribeiro commented
Check https://github.com/OrleansContrib/Orleans.Clustering.Kubernetes#security-considerations that should answer your questions.
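
The recommended production setup from the thread, sketched as an added example that is not part of the original comments or the project's own manifests. The namespace `orleans`, the service account `orleans-silo`, the object names, the verb list and the assumption that the CRDs are namespaced are all illustrative; the `<...>` placeholders must be filled in from the CRD .yml files in the repo.

```yaml
# Added example, not taken from the repo. Names and placeholders are assumptions.
#
# Not recommended: binding the silo's service account to full access so the
# silo can create the CRDs itself, e.g. a ClusterRoleBinding to cluster-admin:
#
#   kind: ClusterRoleBinding
#   roleRef: { kind: ClusterRole, name: cluster-admin, ... }
#   subjects: [{ kind: ServiceAccount, name: orleans-silo, namespace: orleans }]
#
# Recommended: an admin pre-deploys the CRDs, and the service account only
# gets read/write on objects of those CRDs inside its own namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: orleans-clustering        # hypothetical name
  namespace: orleans              # hypothetical namespace
rules:
  - apiGroups: ["<crd-api-group>"]          # spec.group from the CRD .yml files
    resources: ["<crd-resource-plural>"]    # spec.names.plural, one entry per CRD
    # Assumed reading of "read/write"; trim to what the provider actually uses.
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: orleans-clustering
  namespace: orleans
subjects:
  - kind: ServiceAccount
    name: orleans-silo            # hypothetical service account used by the pods
    namespace: orleans
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: orleans-clustering
```

With these names, `kubectl auth can-i create customresourcedefinitions --as=system:serviceaccount:orleans:orleans-silo` should answer `no`, while the same check for `get` on the CRD's resource in the `orleans` namespace should answer `yes`.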