from Hacker News

Show HN: Kubernetes Permission Manager, Free and OSS Tool to Manage RBAC/Users

by jnardiello on 1/25/20, 6:17 PM with 8 comments

  • by charlieegan3 on 1/25/20, 8:17 PM

    It might be good to clarify your expected users.

    Most Kubernetes users I have worked with integrated with some cloud provider auth or similar to grant permissions to Kubernetes resources.

    I can see this being useful for smaller deployments or when such integrations are unavailable but it might be worth explaining that in the readme of the project.

    Also, how do you see this working in the config as code / ‘gitops’ world? How does this work for clusters in different environments?

  • by znpy on 1/25/20, 10:38 PM

    Thanks, this solves a very important problem in the k8s ecosystem.

    For me personally, I've spent the weekends of the last two months learning ldap basics only to find out that k8s+ldap is another mess on its own.

  • by benwilson-512 on 1/26/20, 12:09 AM

    This looks very cool. Is there a story for managing users associated with AWS IAM roles or users?

  • by aliljet on 1/25/20, 8:38 PM

    This is honestly pretty fantastic. How does this compare with things like Dex+Gangway?

  • by streetcat1 on 1/25/20, 11:31 PM

    so, can you compare this to the OPA? Are you integrating with the OPA?

    Also, there was an old project called casbin which is used by ArgoCD.

    In my system, I created an Account CRD and let an account controller do all the logic. This way you do not need another api server.