@smithp4ntz circling back here, I'm not aware of any examples but also I don't see a reason why it wouldn't be possible to use SpiceDB for Kubernetes authorization. @jzelinskie are you aware of any examples on how to use SpiceDB for kubernetes admission control?
j
jzelinskie
01/10/2023, 6:00 PM
It's definitely possible to use a Kubernetes AdmissionController to call out to SpiceDB, but you'd probably be the first person doingso in the open. It definitely requires a bit of additional code to convert the payload into something SpiceDB understands and then convert SpiceDB's response back into the AdmissionReview Response that Kubernetes is expecting. I imagine it'd end up looking a bit like our prom-authzed-proxy if you squint, which looks a promql api requests and turns them into SpiceDB checks https://github.com/authzed/prom-authzed-proxy