You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
RBAC doesn't include realm name and authenticator right now, just a group in the realm, which may lead to collision if groups in different realms/authenticators named in the same way but should have different access privileges, for e.g. you have a group in Github Org named devs and you also use another authenticator that has a group with the same name but including people those are not allowed to access.
Thus in order to avoid collision/leak subjects in clusterRoleBinding should look like this:
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: Authenticator/Realm/GroupName
The text was updated successfully, but these errors were encountered:
RBAC doesn't include realm name and authenticator right now, just a group in the realm, which may lead to collision if groups in different realms/authenticators named in the same way but should have different access privileges, for e.g. you have a group in Github Org named
devsand you also use another authenticator that has a group with the same name but including people those are not allowed to access.Thus in order to avoid collision/leak
subjectsin clusterRoleBinding should look like this:The text was updated successfully, but these errors were encountered: