You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
stackabletech/kafka-operator#724 shows that we don't really have a good way to identify a "machine user" that others can write authorization rules against. You could use the SANs we already set, but that can as often just identify the instance, rather than the app/group of instances (such as StatefulSet).
Perhaps it would make sense to use the pod's ServiceAccount? That said we should probably avoid the format serviceaccount.ns to prevent people confusing them with DNS names.
The text was updated successfully, but these errors were encountered:
stackabletech/kafka-operator#724 shows that we don't really have a good way to identify a "machine user" that others can write authorization rules against. You could use the SANs we already set, but that can as often just identify the instance, rather than the app/group of instances (such as StatefulSet).
Perhaps it would make sense to use the pod's ServiceAccount? That said we should probably avoid the format
serviceaccount.nsto prevent people confusing them with DNS names.The text was updated successfully, but these errors were encountered: