You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Our security model can be roughly defined as "users can do whatever they want in their namespace, and nothing outside of it".
We should
Make that definition a bit more precise (does whatever they want include starting services, creating / mounting volumes, etc.? Or do we limit it just to Jobs? Jobs with certain properties (only one container, no unknown volumes, ...)?)
Verify that it's a reasonable way to handle "multi-tenant" Kubernetes clusters, where one user shouldn't be able to see or modify another user's jobs / pods / etc.
Actually implement it
The text was updated successfully, but these errors were encountered:
Our security model can be roughly defined as "users can do whatever they want in their namespace, and nothing outside of it".
We should
The text was updated successfully, but these errors were encountered: