Use encrypted/authenticated connections between controller <-> sidecar #96
Labels
enhancement
New feature or request
Comments
nixpanic
pushed a commit
to nixpanic/kubernetes-csi-addons
that referenced
this issue
Jan 12, 2024
Syncing latest changes from main for kubernetes-csi-addons
|
https://github.com/brancz/kube-rbac-proxy/blob/master/examples/non-resource-url/README.md can probably be used. The CSI-Addons controller can have a ServiceAccount with RBAC that contains a rule to connect to the gRPC server running on the CSI-Addons sidecar. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The
certificates.k8s.ioAPI or some Kubernetes native certificate manager should be used for the connections between the controller and sidecar. The sidecar should have the ability to verify that the incoming connection is from a valid controller.The controller should probably use a client certificate, and the sidecar should check verify that the owner has permissions to connect.
The text was updated successfully, but these errors were encountered: