Identities management becomes increasingly complex and error-prone; should be revisited/refactored for ease of continuing development #224
Labels
area/bootstrap
Issues or PRs related to bootstrap
area/code-organization
Issues or PRs related to code organization
area/security
Issues or PRs related to security
kind/cleanup
Categorizes issue or PR as related to cleaning up code, process, or technical debt.
Tell us about your request
The area of identities management, as well as its interface, should be revisited to prevent impending, if not existing, engineering mistakes and security concerns of the codebase.
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
As the project becomes more mature, the existing assumptions on the uses of identity have evolved, and will continue to do so.
For example, kubelet identity (i.e., user assigned identity) is being used on everything Karpenter needs(?), while its original expectation is just to assign it to the provisioning nodes. This fact should, at least, be clearly reflected in the code (e.g., through proper naming) to prevent unexpected misuses in the case where changes will be introduced in this area, as well as to prevent security breaches.
Are you currently working around this issue?
No
Additional Context
No response
Attachments
No response
Community Note
The text was updated successfully, but these errors were encountered: