kube-capacity icon indicating copy to clipboard operation
kube-capacity copied to clipboard

Published 20 hours ago verified publisher icon robscott

Allow Username and Group impersonating.

Open zbindenren opened this issue 4 years ago • 3 comments

Most tools allow username and group impersonating like kubectl does.

      --as string                      Username to impersonate for the operation
      --as-group stringArray           Group to impersonate for the operation

Would be cool.

zbindenren avatar Apr 17 '20 06:04 zbindenren

Hey @zbindenren, thanks for the idea, I'm not quite sure I understand the use case though. I'm used to use --as or --as-group for commands like kubectl auth can-i, but it's less clear to me how this would help with kube-capacity. This tool is primarily for showing resource requests, limits, and utilization, things that are generally accessible for most users accessing a cluster. If they can't access them, they likely also wouldn't be able to impersonate someone with the --as flag. Do you have workflows that regularly require impersonation?

robscott avatar Apr 17 '20 20:04 robscott

At our company we use the following concept to protect admins from mistakes: https://github.com/postfinance/kubectl-sudo/blob/master/README.md

So an admin has only access to all resources with impersonation. That is why it would be nice for us to have that option. Some tools have already included those options:

  • https://github.com/derailed/k9s
  • https://github.com/derailed/popeye

zbindenren avatar Apr 18 '20 04:04 zbindenren

@zbindenren Thanks for describing the use case. I agree that this could be useful. I don't have a lot of extra cycles these days but very open to contributions on this front.

robscott avatar Oct 30 '20 04:10 robscott