author | Simo Sorce <simo@redhat.com> | 2015-10-13 20:53:00 -0400 |
---|---|---|
committer | Simo Sorce <simo@redhat.com> | 2015-11-11 11:37:15 -0500 |
commit | d3c907cb21416a23e8f736f156ea807f6d1d00c5 (patch) | |
tree | 78cdf77deff6c73b7475ff9b3f6699211e0c2b27 /custodia/kubernetes/node.py | |
parent | 0abd2a6c4ac66b905430d3cad95c1b2a23bda40f (diff) | |
Add authz plugin that verifies kubelet requests

This patch adds a special authorization plugin that verifies the
identity of the node as well as checking that the node is authorized
to make a request on behalf of the pod for which it is asking secrets.
If all checks pass the path is rewritten to point to the proper secrets
namespace for the pod. By rewriting paths, in case of catastrophic
failure of the plugin no secret can be found as the path matches nothing.

Signed-off-by: Simo Sorce <simo@redhat.com>
Diffstat (limited to 'custodia/kubernetes/node.py')
0 files changed, 0 insertions, 0 deletions
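
The design in the commit message (check the node, check the node-to-pod binding, then rewrite the path) can be sketched as follows. This is an added example, not code from the Custodia repository; the request dictionary, the `/kubelet` and `/secrets/k8s` prefixes, the function names and all sample data are assumptions made for illustration.

```python
# Added illustration: names, prefixes and data are hypothetical, not Custodia's API.
import posixpath

# Constructed sample state: pods scheduled on each node, and each pod's namespace.
NODE_PODS = {"node-a": {"web-1", "db-1"}, "node-b": {"cache-1"}}
POD_NAMESPACE = {"web-1": "prod", "db-1": "prod", "cache-1": "staging"}
# Constructed secret store: entries exist only under SECRETS_PREFIX.
STORE = {"/secrets/k8s/prod/web-1/tls-key": "constructed-secret-value"}

REQUEST_PREFIX = "kubelet"       # what nodes ask for: /kubelet/<pod>/<name>
SECRETS_PREFIX = "/secrets/k8s"  # where secrets live: <prefix>/<namespace>/<pod>/<name>


def authorize(request):
    """Rewrite request['path'] and return True only if every check passes."""
    node = request.get("authenticated_node")  # set by an earlier authentication step
    parts = request.get("path", "").strip("/").split("/")
    if len(parts) != 3 or parts[0] != REQUEST_PREFIX:
        return False
    _, pod, name = parts
    if any(p in ("", ".", "..") for p in (pod, name)):
        return False  # no empty or traversal segments in the rewritten path
    if node is None or pod not in NODE_PODS.get(node, set()):
        return False  # unknown node, or pod is not running on this node
    namespace = POD_NAMESPACE.get(pod)
    if namespace is None:
        return False
    request["path"] = posixpath.join(SECRETS_PREFIX, namespace, pod, name)
    return True


def fetch(request, authz=authorize):
    """Look up a secret; models a pipeline that swallows a plugin crash."""
    try:
        if not authz(request):
            return None  # explicit deny
    except Exception:
        pass  # worst case: the plugin failed and nobody noticed
    # After a crash the path is still the kubelet-facing one, which is not a
    # key in STORE, so the lookup finds nothing.
    return STORE.get(request["path"])


def crashing_plugin(request):
    raise RuntimeError("constructed failure")
```

Calling `fetch` with `authz=crashing_plugin` shows the fail-closed property: the lookup runs against the unrewritten `/kubelet/...` path and returns nothing.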