![]() ![]() FWIW though, we already assume Composition writers to be super users. This can be addressed with RBAC for most cases but in cases where you don't want Composition authors be able to use certain managed resource types, there isn't much you can do other than using OpenPolicyAgent because the creator of managed resources resulting from Composition is Crossplane pod, which has permissions over all CRDs packages bring.Ability to limit capabilities of users in the cluster.It seems like the main concerns are as following: I've answered why we didn't do it for Jet-based providers which have way more CRDs. Instructions on how to compile a Crossplane Provider with just a subset of the available CRDs I have transferred the issue to core opened crossplane-contrib/provider-aws#1076 to do this for controllers, I think consolidating the whole discussion in this issue would be more helpful.Consolidation of CRD Scaling Issues #2895.In addition to this, we are having throttling issues due to the large amount of CRDs, being able to turn of 90% of the the unused CRDs would make the throttling issues go away. ![]() We want to limit which resources are installed on our cluster so that we can restrict which resources can be used in AWS by our cluster's users. Similarly, other tools built against client-go 0.25.0 or above should not experience these issues that are due to overly aggressive client-side rate limits. If you're finding this issue because you're seeing messages like the above when you run kubectl please make sure you're using the latest version of kubectl - i.e.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |