cheshire
/
hscloud
forked from hswaw/hscloud
1
0
Fork 0
Code Pull Requests Activity
1,221 Commits
1 Branch
0 Tags
55 MiB
Commit Graph

2 Commits (6e10e46f96875ef15a1e1588e9b03d4f1f6b42a5)

Author SHA1 Message Date
q3k 3a6d67e0c4 cluster/prodvider: rewrite against x509 lib for ed25519 support 
This gets rid of cfssl for the kubernetes bits of prodvider, instead
using plain crypto/x509. This also allows to support our new fancy
ED25519 CA.

Change-Id: If677b3f4523014f56ea802b87499d1c0eb6d92e9
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1489
Reviewed-by: q3k <q3k@hackerspace.pl>
 2023-03-31 22:53:59 +00:00
q3k b13b7ffcdb prod{access,vider}: implement 
Prodaccess/Prodvider allow issuing short-lived certificates for all SSO
users to access the kubernetes cluster.

Currently, all users get a personal-$username namespace in which they
have adminitrative rights. Otherwise, they get no access.

In addition, we define a static CRB to allow some admins access to
everything. In the future, this will be more granular.

We also update relevant documentation.

Change-Id: Ia18594eea8a9e5efbb3e9a25a04a28bbd6a42153
 2019-08-30 23:08:18 +02:00