https://cerbos.dev logo
#community
Title
# community
f

FIRAS FENDRI

07/28/2023, 10:37 AM
Hello everyone, I have a use case where i have a microservice golang application deployed in kubernetes , For example MicroA have one endpoint get "/help" I want to expose the endpoint as kubernetes api resource so it can be selected from k8s RoleBinding and define a role with verbs for this enpoint , then import auth0 users and roles and assign to them Can Cerbos help me with this ? Thank you in advance
c

Charith (Cerbos)

07/28/2023, 10:57 AM
I assume you're talking about the Kubernetes API aggregation layer. You can secure your service using Cerbos but that would be outside the Kubernetes RBAC mechanism. You'd have to make the K8S RBAC rules very permissive and let your service deal with authorization using Cerbos. We have an example of securing a REST API at https://github.com/cerbos/demo-rest. Cerbos also doesn't have its own directory service for assigning roles to different users. That should be done in your identity provider (Auth0 in this case). Cerbos can augment existing roles using contextual information though.
f

FIRAS FENDRI

07/28/2023, 11:01 AM
Thank you for your response, is there a way to transform a k8s pod rest api to kuberntes api-resource so i can specify k8s role with action on that pod api and on each endpoint ? If so how can i achieve this
c

Charith (Cerbos)

07/28/2023, 11:03 AM
I don't know, sorry.
2 Views