Is there any examples of Kubernetes using SpiceDB for its authz?

👋🏻 with "it's authz" you mean Kube's RBAC? As in using SpiceDB to authorize in-cluster operations?

yes, similar to something like https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/

@smithp4ntz circling back here, I'm not aware of any examples but also I don't see a reason why it wouldn't be possible to use SpiceDB for Kubernetes authorization. @jzelinskie are you aware of any examples on how to use SpiceDB for kubernetes admission control?

It's definitely possible to use a Kubernetes AdmissionController to call out to SpiceDB, but you'd probably be the first person doingso in the open. It definitely requires a bit of additional code to convert the payload into something SpiceDB understands and then convert SpiceDB's response back into the AdmissionReview Response that Kubernetes is expecting. I imagine it'd end up looking a bit like our prom-authzed-proxy if you squint, which looks a promql api requests and turns them into SpiceDB checks https://github.com/authzed/prom-authzed-proxy