About how to difference cluster-admin or cluster resource user in karmada ?

[samzong]

What would you like to be added:

Who am I ? => a Care Security SRE

as I know, to join a new cluster to karmada member list, we need cluster-admin, it's no question.

but when I deploy a applicaion as Deployment, use cluster-admin is not best practices, when I use kubectl karmada, I can do anything as cluster-admin in any clusters. This is very dangerous.

Can I use an namespace-admin(a role) or a custom roles for Application Developer?

maybe we can use pp for a role to every memeber(clusters)?

when I was namespace-admin, we only can do something in a karmada namespace(cross-cloud ns)

and next step, we also can add resource limit for a karmada namespace.

Why is this needed:

I want Karmada can do a safely way for premisson to an Application Developer do somethings.

---

At last, I have some desgin of this. maybe we can talk at Biweekly meeting.

[RainbowMango]

At last, I have some desgin of this. maybe we can talk at Biweekly meeting.

Fantastic! Feel free to add an agenda to the meeting notes once you are ready.

but when I deploy a applicaion as Deployment, use cluster-admin is not best practices, when I use kubectl karmada, I can do anything as cluster-admin in any clusters. This is very dangerous.

I'm not sure I correctly understand your point, here I want to say, Karmada doesn't require operations should be done with admin, as an administrator, you can issue any appropriate certificate to users.

[Poor12]

/close Feel free to reopen it if you have any questions.

[karmada-bot]

@Poor12: Closing this issue.

In response to this:

/close Feel free to reopen it if you have any questions.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.