Introduction

Product Introduction

ACP API Refiner is a data filtering service provided by the ACP platform that enhances multi-tenant security and data isolation in Kubernetes environments. It filters Kubernetes API response data based on user permissions, projects, clusters, and namespaces, while also supporting field-level filtering, inclusion, and data desensitization.

Product Advantages

The core advantages of ACP API Refiner are as follows:

Multi-dimensional Data Isolation
- Supports filtering API responses based on project, cluster, and namespace dimensions
- Ensures proper data boundaries between different tenants
- Prevents unauthorized access to cluster-scoped resources
Flexible Data Filtering
- Supports excluding, including, and desensitizing specific fields in API responses
- Configurable filtering rules through YAML configuration
- Dynamic generation of resource Ingress for different resource types
Enhanced Security
- Implements JWT token-based user authentication
- Provides fine-grained access control based on user permissions
- Supports data desensitization for sensitive information

Scenarios

The main application scenarios of ACP API Refiner are as follows:

Multi-tenant Environment
- Ensures proper data isolation between different tenants
- Prevents unauthorized access to cluster-scoped resources
- Manages shared namespace scenarios effectively
Sensitive Data Protection
- Filters sensitive information from API responses
- Supports field-level data desensitization
- Protects sensitive metadata and annotations
Compliance Requirements
- Helps meet data isolation requirements
- Supports audit and compliance needs
- Maintains data access boundaries

Limitations

The following limitations apply to ACP API Refiner:

Resources must contain specific tenant-related labels for data isolation:
- cpaas.io/project
- cpaas.io/cluster
- cpaas.io/namespace
- kubernetes.io/metadata.name
- Optional: cpaas.io/creator
LabelSelector queries do not support logical OR operations
Platform-level userbindings are not filtered
Filtering is only applied to GET and LIST API operations

ON THIS PAGE

How to

Architecture

Concepts

Guides

How To

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

Compliance

Install

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Guides

Pre-Application Creation Preparation

Creating Applications

Creating Workloads

Actions You Can Take After Creating an Application

Configuring Network

Using Services

Using Ingresses

Using Gateways and Route Rules

Using LoadBalancers

Operation and Maintenance

Catalog

Pod and Container

Pod

Container

How To

Concepts

Guides

How To

Install

Guides

How To

Concepts

Guides

Argo CD Concept

Alauda Container Platform GitOps Concepts

Creating GitOps Application

GitOps Observability

Architecture

Guides

How To