Proposal

We'd like to start building services that drive authorization with k8s, but to do this we need the API server to make a remote call for this information. I'd like to propose an authorizer plugin that uses gRPC.

This would both solve our needs and be useful for others who are developing authz plugins, as they will not have to make changes to upstream k8s.

Summary

• Define a gRPC service which maps to the current authorizer plugin interface.
• Write a gRPC client implementation of authorizer plugin.

Motivation

• Only current authz implementation is a static policy file.
• Would like to be able to build outside services that drive authz.
• gRPC is general enough for this to be useful for projects other than our own.
• We prefer gRPC to REST.