Subresource for metadata #54269

@enisoc

This is a tracker to consider the idea of a subresource for object metadata. In particular, for Secrets, you may want to grant a controller permission to read/edit metadata without granting access to the data.

Forked from https://github.com/kubernetes/community/pull/1163/files#r143342579:

@smarterclayton wrote:

Somewhat of a red flag in that it gives those controllers access to all secrets in the system.

@bgrant0607 wrote:

If we're concerned about permissions, we could create a subresource for updating ownerReferences, finalizers, and possibly other metadata in order to facilitate lifecycle management without privilege escalation.
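
The permission gap discussed in this issue, shown as RBAC rules. This is an added example, not part of the issue or of Kubernetes itself: the role names and verb lists are constructed, and `secrets/metadata` is a hypothetical subresource name standing in for the proposal, not an existing API.

```yaml
# Without a metadata subresource: RBAC rules name a resource (or one of its
# existing subresources), so a controller that only needs to manage
# ownerReferences and finalizers on Secrets is granted verbs on the whole
# Secret object. "get" returns .data and "update" can overwrite it.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: lifecycle-controller-current      # constructed name
rules:
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get", "list", "watch", "update", "patch"]   # assumed verb set
---
# With the proposed subresource (HYPOTHETICAL): the rule would be scoped with
# the same "resource/subresource" syntax RBAC already uses for entries such as
# "pods/status". No verbs on "secrets" itself are granted, so the controller
# could edit metadata fields without being able to read or change .data.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: lifecycle-controller-proposed     # constructed name
rules:
- apiGroups: [""]
  resources: ["secrets/metadata"]         # hypothetical, does not exist today
  verbs: ["get", "update", "patch"]       # assumed verb set
```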

Labels: kind/feature, lifecycle/frozen, sig/api-machinery
