
How does tekton dashboard do authentication and authorization?

Open onethefuture opened this issue 3 years ago • 1 comments

How does tekton do authentication and authorization? The effect it wants to achieve is to give everyone an account, and then everyone's account can only see pipelinerun and taskrun

onethefuture avatar Aug 25 '22 11:08 onethefuture

This is described in the Dashboard install docs, see https://tekton.dev/docs/dashboard/install/#access-control for details

Auth is delegated to the Kubernetes API server so you have full access to the usual range of RBAC config and flexibility to use whichever reverse proxy you wish. An Authorization header containing a ServiceAccount token can be provided on requests to the Dashboard and it will pass this and other related headers through to the Kubernetes API server, so these can be used to determine which user / ServiceAccount is used for access.

There's a link to a walkthrough with a simple example of deploying oauth2-proxy in front of the Dashboard, as well as some notes on user impersonation.

The Dashboard can also be deployed in read-only mode using one of the provided install manifests or the installer script.

AlanGreene avatar Aug 29 '22 15:08 AlanGreene
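An added example, not part of the original comment or the Tekton docs: because authorization is delegated to the Kubernetes API server, restricting an account to viewing PipelineRuns and TaskRuns comes down to an RBAC Role and RoleBinding like the ones below. The namespace `team-a`, the user `alice@example.com` and the object names are hypothetical, and it is an assumption that the Dashboard pages you use need no resources beyond these two.

```yaml
# Added example. team-a, alice@example.com and the object names are
# hypothetical placeholders; adjust them to your cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: tekton-runs-viewer
  namespace: team-a
rules:
  # Read-only verbs on the two run types; no create/update/delete.
  - apiGroups: ["tekton.dev"]
    resources: ["pipelineruns", "taskruns"]
    verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: alice-tekton-runs-viewer
  namespace: team-a
subjects:
  # Must match the identity the API server sees for requests the Dashboard
  # passes through (the token's user, or the impersonated user if the
  # reverse proxy sets impersonation headers).
  - kind: User
    name: alice@example.com
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: tekton-runs-viewer
  apiGroup: rbac.authorization.k8s.io
# Check the result from an admin context:
#   kubectl auth can-i list pipelineruns.tekton.dev -n team-a --as alice@example.com    (expect: yes)
#   kubectl auth can-i delete pipelineruns.tekton.dev -n team-a --as alice@example.com  (expect: no)
```

A Role is namespaced, so each user or team gets a binding only in the namespaces whose runs they should see.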

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale with a justification. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle stale

Send feedback to tektoncd/plumbing.

tekton-robot avatar Nov 27 '22 16:11 tekton-robot

Stale issues rot after 30d of inactivity. Mark the issue as fresh with /remove-lifecycle rotten with a justification. Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with /close with a justification. If this issue should be exempted, mark the issue as frozen with /lifecycle frozen with a justification.

/lifecycle rotten

Send feedback to tektoncd/plumbing.

tekton-robot avatar Dec 27 '22 16:12 tekton-robot

/close

AlanGreene avatar Dec 27 '22 19:12 AlanGreene

@AlanGreene: Closing this issue.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

tekton-robot avatar Dec 27 '22 19:12 tekton-robot