Comments (1)
Hi @NOBLES5E, thanks for bring this to our attention! You're right that the operator does allow users who can create DopplerSecret
resources in any namespace to pull secrets from any token secret in the system. For example,
- You have
app1
andapp2
namespaces - You install the Doppler operator, which adds the
doppler-operator-system
namespace - You create a token k8s secret containing your service token at
doppler-operator-system/doppler-token-secret
, as we recommend in our docs - You create a DopplerSecret at
app1/doppler-secret-1
which referencesdoppler-operator-system/doppler-token-secret
and managed k8s secretapp1/k8s-secret-1
, the operator syncs the data to the managed secret - You create a DopplerSecret at
app2/doppler-secret-2
which also referencesdoppler-operator-system/doppler-token-secret
, and you specify managed k8s secretapp2/k8s-secret-2
, the operator syncs the data to the managed secret
As a result, app2
was able to access doppler-operator-system/doppler-token-secret
(and use the operator to fetch the underlying secrets) just by being able to create DopplerSecret CRDs -- even though it was created/owned by app1
.
We initially intended that your clusters would be configured such that only privileged users can create DopplerSecret
resources but I certainly see how it would be concerning and unintuitive to have resource creation as the gate for access to all Doppler-based secrets in your cluster.
I think a better approach here would be to require that the token k8s secret, DopplerSecret
resource, and managed k8s secret must all exist in the same namespace. This will silo all data to each namespace. Does this solution sound like it would meet your requirements?
from kubernetes-operator.
Related Issues (15)
- Getting started from Readme not working HOT 1
- Support for ARM64-based CPUs HOT 4
- Default namespace for TokenSecret not applied correctly HOT 5
- Add support for templating values HOT 5
- cannot find Service Account HOT 3
- allow custom namespace HOT 1
- Feature: Support kubernetes.io/tls instead of only Opaque HOT 6
- Request for change of behavior introduced in 1.2.0 which breaks prior use cases HOT 4
- Random failure publishing new secrets on changes HOT 4
- Allow DopplerSecret to be deployed to other namespaces HOT 1
- recommended.yaml not available in latest HOT 4
- GCP GKE INFO logs are showing ERROR HOT 5
- Feature request: Service Account support HOT 1
- Pod/Deployment doesn't restart although recognized by the operator HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from kubernetes-operator.