Identities management becomes increasingly complex and error-prone; should be revisited/refactored for ease of continuing development

[comtalyst]

Tell us about your request

The area of identities management, as well as its interface, should be revisited to prevent impending, if not existing, engineering mistakes and security concerns of the codebase.

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?

As the project becomes more mature, the existing assumptions on the uses of identity have evolved, and will continue to do so.
For example, kubelet identity (i.e., user assigned identity) is being used on everything Karpenter needs(?), while its original expectation is just to assign it to the provisioning nodes. This fact should, at least, be clearly reflected in the code (e.g., through proper naming) to prevent unexpected misuses in the case where changes will be introduced in this area, as well as to prevent security breaches.

Are you currently working around this issue?

No

Additional Context

No response

Attachments

No response

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

[comtalyst]

Working on it