capsule

capsule copied to clipboard

Support wildcards in additionalrolebindings section of Tenant specification

4

# Describe the feature additionalrolebindings section of Tenant specification needs an exact user. It does not support wildcard for user. # What would the new user story look like? Support...

meetdpv

**Request** It's important IMHO to expand and review the current open governance, to be aligned with [CNCF Open governance](https://contribute.cncf.io/maintainers/governance/). **What would the new user story look like?** As a community...

maxgio92

[UMBRELLA] CNCF Sandbox project onboarding

9

**General** This is an umbrella issue to track the status of all the required points that need to be addressed in the Git repository and GitHub: - [x] Review and...

maxgio92

Kubernetes Security Feature Request: support for user namespaces/id mapped mounts

3

This is maybe more of a long term vision question/idea. Maybe it's out-of-scope. For better security for tenants, the recommendation is to have user namespace: https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/127-user-namespaces/README.md#motivation That's important for security,...

Lennie

Move documentation to open doc framework

4

As part of CNCF Sandbox project onboarding #812, we're moving to a separate neutral GitHub organization. Currently the documentation website is tied to a custom layout published from a private...

bsctl

Targeted namespace annotations

4

Hi, we recently came across a conceptional issue with namespace annotations. In our clusters we are using linkerd as service mesh. To ensure that all tenants are properly meshed, we...

micke-post

As the CNCF sandbox staging process continues, we should share publicly how the Capsule project governance is led. For reference: https://contribute.cncf.io/maintainers/governance/

prometherion

Docs: how to operate Capsule

1

Taking inspiration from [KEDA](https://keda.sh/docs/2.11/operate/cluster/), we should share how to operate Capsule on a Kubernetes cluster, as well as sharing the minimum supported version, and required dynamic admission controllers, etc.

prometherion

Support for clusters with OwnerReferencesPermissionEnforcement admission plugin enabled

13

# Bug description We are performing a Capsule POC on OpenShift, and it turns out that Capsule misses RBAC configuration to support clusters with [OwnerReferencesPermissionEnforcement admission plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement) enabled. OpenShift enables...

erikgb

What are the steps for adding an AWS IAM user group/role as owner to Capsule tenant

4

Hi, I am beginner to Capsule framework. Have installed capsule on AWS EKS cluster. Was able to create a tenant with an IAM user with "Describe Cluster" permissions as tenant...

kgphani