Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Revert "EFS-CSI pod impersonation implementation" #777

Merged
merged 1 commit into from
Sep 29, 2022
Merged

Revert "EFS-CSI pod impersonation implementation" #777

merged 1 commit into from
Sep 29, 2022
+1 −418

Conversation

wongma7
Copy link
Contributor

@wongma7 wongma7 commented Sep 29, 2022

Reverts #710

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Sep 29, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: wongma7

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@wongma7 wongma7 merged commit a0fa760 into master Sep 29, 2022
@wongma7 wongma7 deleted the revert-710-master branch September 29, 2022 22:16
@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Sep 29, 2022
@razvan-moj razvan-moj mentioned this pull request Oct 4, 2022
Closed
4 tasks
This was referenced Oct 12, 2022
Closed
Closed
Merged
@adammw
Copy link

adammw commented Aug 16, 2024

Is there any more information on the reason for the revert?

@andrecastro
Copy link

Why this was reverted?

@dims
Copy link
Member

dims commented Oct 8, 2024

@adammw @andrecastro can you please share some context on why the sudden interest in a revert after 2-ish years?

@andrecastro
Copy link

andrecastro commented Oct 8, 2024
edited
Loading

@dims I manage a multi-tenant platform based on k8s, meaning I have applications of different teams sharing the same cluster. I would like to whitelist the applications using the EFS resource policy, restricting the access only to the roles associated to the pods (IRSA) that need access.

Right now I'm doing it via templates and naming patterns that we have in our platform, but I think this feature would be a valid option thinking about security concerns.

The secrets-store-csi-driver-provider-aws have something similar. I can create secrets on AWS Secrets Manager and restrict the access to the pods. The provider kind of impersonate the pod mounting the secret, using its permissions.

@dims
Copy link
Member

dims commented Oct 8, 2024

@andrecastro thanks for sharing! please open a new issue and point it back to the discussion here (and cut-n-paste the info here). it's just that folks don't really pay attention to old closed PRs and better visibility as a fresh request.

@adammw
Copy link

adammw commented Oct 15, 2024

#1439 was opened back in August

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jqmichael jqmichael Awaiting requested review from jqmichael

@justinsb justinsb Awaiting requested review from justinsb

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@wongma7 @k8s-ci-robot @adammw @andrecastro @dims