Kubernetes RBAC identity for each user
Description
In a demo of IBM's cloud private offering, they tightly synced Kubernetes RBAC identities with the underlying LDAP identities. We're currently looking at making project-specific RBAC roles and sharing a single identity for all users, which is fine because we manage the permissions in GitLab itself. But when considering interop with other tools, or if users directly need to manage the cluster and services/apps, maybe having a K8s identity for each GitLab user would be valuable.
Proposal
- Create Kubernetes identities for each GitLab user and keep them in sync as users are added/deleted.
- Create roles for projects, etc. and associate appropriate permissions to each user, and keep synced with project membership.
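
A sketch of the sync this proposal describes, as an added example that is not GitLab's code: Kubernetes has no User object to create, so a per-user identity comes down to RoleBindings that name each user as a subject. The access-level-to-ClusterRole mapping, the `gitlab:` username prefix, the `managed-by` label, the namespace name and the sample members are assumptions constructed for illustration.

```python
RBAC_API = "rbac.authorization.k8s.io"
MANAGED = {"managed-by": "gitlab-rbac-sync"}  # hypothetical ownership label
# Assumed mapping: GitLab access level -> built-in ClusterRole. Guests (10) get nothing.
LEVEL_TO_CLUSTERROLE = {20: "view", 30: "edit", 40: "admin", 50: "admin"}


def desired_bindings(namespace, members):
    """One RoleBinding per active project member whose level maps to a ClusterRole."""
    bindings = {}
    for m in members:
        role = LEVEL_TO_CLUSTERROLE.get(m["access_level"])
        if role is None or m["state"] != "active":
            continue  # guests and blocked users receive no cluster access
        name = f"gitlab-user-{m['id']}"  # keyed on id so a rename cannot orphan it
        bindings[name] = {
            "apiVersion": f"{RBAC_API}/v1",
            "kind": "RoleBinding",
            "metadata": {"name": name, "namespace": namespace, "labels": dict(MANAGED)},
            # The prefix keeps these names from colliding with other identity sources.
            "subjects": [{"kind": "User", "apiGroup": RBAC_API,
                          "name": f"gitlab:{m['username']}"}],
            "roleRef": {"kind": "ClusterRole", "apiGroup": RBAC_API, "name": role},
        }
    return bindings


def plan(namespace, members, existing):
    """Diff desired bindings against existing ones, touching only labelled bindings."""
    want = desired_bindings(namespace, members)
    managed = {n: b for n, b in existing.items()
               if b["metadata"].get("labels", {}).get("managed-by") == MANAGED["managed-by"]}
    both = set(want) & set(managed)
    # roleRef is immutable on a RoleBinding, so a changed role is a delete + create.
    replace = sorted(n for n in both if any(managed[n][k] != want[n][k]
                                            for k in ("roleRef", "subjects")))
    return {"create": sorted(set(want) - set(managed)), "replace": replace,
            "delete": sorted(set(managed) - set(want))}


def _member(uid, username, level, state="active"):
    return {"id": uid, "username": username, "access_level": level, "state": state}

# Constructed sample data: membership at the previous sync and at the current one.
OLD = [_member(1, "alice", 30), _member(2, "bob", 40), _member(3, "carol", 20)]
NEW = [_member(1, "alice", 40), _member(3, "carol", 20), _member(4, "dave", 30),
       _member(5, "erin", 10), _member(6, "frank", 30, state="blocked")]
# Cluster state: bindings from the previous sync plus one created by hand (unlabelled).
EXISTING = {**desired_bindings("project-42", OLD),
            "ops-admin": {"metadata": {"name": "ops-admin", "namespace": "project-42"}}}
```

Calling `plan("project-42", NEW, EXISTING)` replaces alice's binding, creates dave's, deletes bob's, and leaves the hand-made `ops-admin` binding alone because it lacks the ownership label.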