Spiffe support #1186

@marquiz

What would you like to be added:

Support SPIFFE for verifying nfd-worker/labeler IDs. For example, utilize SPIFFE IDs for verifying the identity of the creator of NodeFeature objects, so that an actor from node A will not be able to modify properties of node B. This would also add one extra layer of protection (in addition to RBAC) on who is authorized to modify nodes with NodeFeature objects.

To simplify, gRPC could possibly be left out of scope, if needed, as it's being phased out.

Inspired by a comment from @AhmedGrati on the node-feature-discovery Slack channel.

Why is this needed:

Improved security
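
The node-binding check the request describes, sketched in Go as an added example (not part of the original issue and not NFD code). It assumes the caller's SPIFFE ID has already been authenticated from a validated SVID, and that worker IDs follow a hypothetical layout `spiffe://<trust-domain>/nfd-worker/node/<node-name>`; the function names and the trust domain `example.org` are likewise assumptions, and standard-library URL parsing stands in for a SPIFFE library.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Label NFD puts on a NodeFeature object to name the node it describes.
const nodeNameLabel = "nfd.node.kubernetes.io/node-name"

// Hypothetical ID layout: spiffe://<trust-domain>/nfd-worker/node/<node-name>
const workerPathPrefix = "/nfd-worker/node/"

// nodeFromSpiffeID extracts the node name from a worker's SPIFFE ID and rejects
// IDs from another trust domain or with an unexpected structure.
func nodeFromSpiffeID(id, trustDomain string) (string, error) {
	u, err := url.Parse(id)
	if err != nil {
		return "", err
	}
	if u.Scheme != "spiffe" || u.Host != trustDomain || u.User != nil || u.RawQuery != "" || u.Fragment != "" {
		return "", errors.New("not a SPIFFE ID in the expected trust domain")
	}
	node := strings.TrimPrefix(u.Path, workerPathPrefix)
	if !strings.HasPrefix(u.Path, workerPathPrefix) || node == "" || strings.Contains(node, "/") {
		return "", errors.New("SPIFFE ID path does not identify a worker node")
	}
	return node, nil
}

// authorizeNodeFeature permits a write only when the caller's ID names the same
// node as the NodeFeature's node-name label; a missing label is denied.
func authorizeNodeFeature(callerID, trustDomain string, labels map[string]string) error {
	callerNode, err := nodeFromSpiffeID(callerID, trustDomain)
	if err != nil {
		return err
	}
	if target := labels[nodeNameLabel]; target == "" || target != callerNode {
		return fmt.Errorf("worker on node %q may not modify NodeFeature for node %q", callerNode, target)
	}
	return nil
}

func main() {
	labels := map[string]string{nodeNameLabel: "node-b"} // constructed sample object labels
	fmt.Println(authorizeNodeFeature("spiffe://example.org/nfd-worker/node/node-b", "example.org", labels))
	fmt.Println(authorizeNodeFeature("spiffe://example.org/nfd-worker/node/node-a", "example.org", labels))
}
```

A check like this would sit alongside RBAC, for instance in an admission path, so that a worker with permission to write NodeFeature objects is still limited to the object for its own node.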

Labels

- kind/feature: Categorizes issue or PR as related to a new feature.
- lifecycle/stale: Denotes an issue or PR has remained open with no activity and has become stale.