On 08/28/2018 06:23 PM, David Lang wrote:
As we are looking at managing and securing our k8s install, we are
finding that getting a token out of the pod/container runing the
management processes is non-trivial, especially to get it onto a
separate log server.
would it be possible to add client cert auth to the token option? This
is much easier to auto-provision during setup
Sure. We could copy/paste the omelasticsearch code. And, conversely,
I'd like to have token auth in omelasticsearch.
Also, we are side-stepping a lot of RBAC config by using different
clusters for different teams.
what would it take to be able to define multiple clusters (sets of API
servers)?
So have different instances. We'd have to implement the code like we
have in omelasticsearch, to use the module config (if any) as the
default values, and be able to override that per-instance/action. The
cache code is keyed by the kubernetesURL so it looks like the cache
already has support for multiple instances. Not hard, mostly a lot of
boilerplate code.
David Lang
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a
myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST
if you DON'T LIKE THAT.
___
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE
THAT.