Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update components-permission docs #728

Merged
merged 1 commit into from
Nov 30, 2024
Merged

update components-permission docs #728

merged 1 commit into from
Nov 30, 2024

Conversation

zhzhuang-zju
Copy link
Contributor

What type of PR is this?
/kind feature

What this PR does / why we need it:
Further reduce the permissions of karmada-agent

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

@karmada-bot karmada-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 8, 2024
@karmada-bot karmada-bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Nov 8, 2024
windsonsea
windsonsea reviewed Nov 8, 2024
View reviewed changes
Copy link
Member

@windsonsea windsonsea left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

No more references to this page after checking the repo.

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Nov 8, 2024
@karmada-bot karmada-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed lgtm Indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Nov 25, 2024
@zhzhuang-zju
Copy link
Contributor Author

zhzhuang-zju commented Nov 25, 2024
edited
Loading

cc @RainbowMango I have revised the content and layout of the component-permission chinese document. If the layout is feasible, the English document will be modified accordingly soon.

@zhzhuang-zju zhzhuang-zju force-pushed the rbac branch 2 times, most recently from f3f1c44 to 697929c Compare November 26, 2024 07:26
RainbowMango
RainbowMango reviewed Nov 27, 2024
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/assign

RainbowMango
RainbowMango reviewed Nov 30, 2024
View reviewed changes
docs/administrator/security/component-permission.md Outdated Show resolved Hide resolved
docs/administrator/security/component-permission.md Outdated Show resolved Hide resolved
docs/administrator/security/component-permission.md Outdated Show resolved Hide resolved
docs/administrator/security/component-permission.md Outdated Show resolved Hide resolved
i18n/zh/docusaurus-plugin-content-docs/current/administrator/security/component-permission.md Outdated Show resolved Hide resolved
i18n/zh/docusaurus-plugin-content-docs/current/administrator/security/component-permission.md Outdated Show resolved Hide resolved
i18n/zh/docusaurus-plugin-content-docs/current/administrator/security/component-permission.md Outdated Show resolved Hide resolved
RainbowMango
RainbowMango reviewed Nov 30, 2024
View reviewed changes
docs/administrator/security/component-permission.md Outdated

# Karmada Component Permissions

As a multi-cluster management framework, it is crucial to control the permissions of Karmada components based on the resources they access to maintain the security and stability of the entire system. The Karmada community has compiled a list of resources that key components require access to and has implemented the principle of least privilege for the relevant components using the community-maintained installation and deployment tool. This document aims to outline the list of resources that Karmada components need to access along with the reasons for accessing those resources, providing clear guidance for users customizing component permissions.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
As a multi-cluster management framework, it is crucial to control the permissions of Karmada components based on the resources they access to maintain the security and stability of the entire system. The Karmada community has compiled a list of resources that key components require access to and has implemented the principle of least privilege for the relevant components using the community-maintained installation and deployment tool. This document aims to outline the list of resources that Karmada components need to access along with the reasons for accessing those resources, providing clear guidance for users customizing component permissions.
This document provides a detailed explanation of the resources each Karmada component needs to access and the reasons for these accesses. It will help administrators understand and configure the RBAC permissions needed for Karmada components effectively, ensuring that the system operates securely and efficiently.
The [installation tools](https://karmada.io/docs/installation/) maintained by the community are designed with security in mind. These tools use Role-Based Access Control ([RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)) to manage access to components, ensuring they only have access to the resources they require. By adhering to the principle of least privilege, these tools minimize potential security risks and prevent unauthorized access or actions within the system.

@RainbowMango RainbowMango mentioned this pull request Nov 30, 2024
Merged
RainbowMango
RainbowMango approved these changes Nov 30, 2024
View reviewed changes
Copy link
Member

@RainbowMango RainbowMango left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@karmada-bot karmada-bot added the lgtm Indicates that a PR is ready to be merged. label Nov 30, 2024
@karmada-bot
Copy link
Collaborator

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: RainbowMango

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@karmada-bot karmada-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 30, 2024
@karmada-bot karmada-bot merged commit b72296c into karmada-io:main Nov 30, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@windsonsea windsonsea windsonsea left review comments

@RainbowMango RainbowMango RainbowMango approved these changes

@Poor12 Poor12 Awaiting requested review from Poor12

@Tingtal Tingtal Awaiting requested review from Tingtal

Assignees

@RainbowMango RainbowMango

@windsonsea windsonsea

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. kind/feature Categorizes issue or PR as related to a new feature. lgtm Indicates that a PR is ready to be merged. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@zhzhuang-zju @karmada-bot @RainbowMango @windsonsea