@@ -23,28 +23,38 @@ We need permission management about:
2323
2424## Detailed design
2525
26- We want chaos-dashboard working like kubernetes-dashboard: it ask user
27- for a ** Service Account token** to login.
26+ ### Login
2827
29- Here is unfinished works we need to do:
28+ Users are asked for a ` Service Account Token ` to login. Like kubernetes dashboard:
29+
30+ ![ kubernetes login] ( ../media/kubernetes-dashboard-login.png )
31+
32+ ### Create new users
33+
34+ System administrators could create user with certain username and permissions,
35+ then a user will be create, and token also shown on the UI.
36+
37+ ### Implementation references
38+
39+ Things to do:
3040
3141- frontend asking user input token to login
3242- frontend will attach the token while sending requests to backend
3343- backend will use a certain token to create a new kube client
3444- backend need support multi-user
3545
36- For users, administrators could create
46+ > We could references auth module in kubernetes-dashboard while implementing this.
47+
48+ When chaos-dashboard creating user, new ` ServiceAccount ` will be created, then a
49+ new ` RoleBinding ` will connect certain ` Role ` to ` ServiceAccount ` .
3750
38- We will provide some pre-set ** Role** , like:
51+ We will provide some pre-set ` Role ` , like:
3952
4053- Admin: could create/get any chaos experiments.
4154- Viewer: could only get chaos experiments.
4255
43- System administrators could use role chaos-dashboard provided to create service
44- accounts which hold different permissions. System administrators could also create
45- roles, for more advanced permission control.
46-
47- > More implementation detail required.
56+ System administrators could also create their own roles, for advanced permission
57+ control.
4858
4959## Drawbacks
5060
0 commit comments