K
Q

Is there a way to get the resource requester value in the resource object in Kubernetes?

5/19/2021

I have a case where we use custom Authorization in Kubernetes via a webhook. Once authorized is there any way the user id could propagated on to the metadata or labels or env of a resource in Kubernetes.

Eg - When a user creates a pod, the userid should be available on the request object.

The only place where the user data is available is in the events that is available via audit logs.

-- saipavan
authentication
authorization
kubernetes

Similar Questions

Unable to delete local registry images in GKE
Error creating replicaset - unknown unknown field "replicas" in io.k8s.api.apps.v1.ReplicaSet
Unauthorized issues when adding new kubernetes master
Node.js pod isn't getting the preStop lifecycle signal from Kubernetes
How to get flink streaming jar to kubernetes

1 Answer

5/19/2021

You could use a mutating webhook to inject it. The webhook admission request struct has the user identity data and you can patch the incoming object in the admission response. There is nothing off the shelf for that though, you would have to build it yourself.

-- coderanger
Source: StackOverflow