Is there a way to get the resource requester value in the resource object in Kubernetes?

5/19/2021

I have a case where we use custom Authorization in Kubernetes via a webhook. Once authorized is there any way the user id could propagated on to the metadata or labels or env of a resource in Kubernetes.

Eg - When a user creates a pod, the userid should be available on the request object.

The only place where the user data is available is in the events that is available via audit logs.

-- saipavan
authentication
authorization
kubernetes

1 Answer

5/19/2021

You could use a mutating webhook to inject it. The webhook admission request struct has the user identity data and you can patch the incoming object in the admission response. There is nothing off the shelf for that though, you would have to build it yourself.

-- coderanger
Source: StackOverflow