Kubeflow Access Management API - is incomplete #53
Comments
|
/transfer dashboard |
|
@ReggieCarey: The label(s) In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/kind feature
Why you need this feature:
[Is your feature request related to a problem? Please describe in details]
The documentation describes the ability to create Profiles and to assign users to be contributors to a profile. The documentation describes a Bind API along side the Profile API. There is NO definition or public information for this Bind API. Further, there appears to be no documentation on the Profile API.
I want users that are members of a Group to have access (kubeflow-edit or kubeflow-view or kubeflow-admin) to a Profile/namespace.
The documentation hints that the above is possible with the Bind API. But there is NO documentation for such an API and there is no CRD for that API.
Describe the solution you'd like:
[A clear and concise description of what you want to happen.]
I want the Bind and Profile API's to be well documented and described. I want the ability to control who has access to a resource based on Group as well as User. As an operator, I want some visibility into who has access to what profile. Currently this must be inferred by analyzing RoleBindings and Istio Authorization Policies in each namespace.
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
In general if Kubeflow is going to expose a custom resource, I would expect that there be some documentation about how to use it. Not just examples of it being used.
The text was updated successfully, but these errors were encountered: