Add needed roles to be able to create zync-que-role in the Operator · 3scale/3scale-operator@66eac16

Commit

Add needed roles to be able to create zync-que-role in the Operator

In Kubernetes, when a new role is created the user/serviceaccount
that creates the role has to have the same permissions as the role
that it wants to create, even if he does not directly uses them.
The documentation link explaining this:
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#privilege-escalation-prevention-and-bootstrapping
There's an 'escalate' permission that might allow us to prevent
this but is only compatible with Kubernetes 1.12 or newer
and at this moment we want to maintain compatibility with
at least Kubernetes 1.11.

Loading branch information

miguelsorianod committed Jun 14, 2019

1 parent 684bbb6 commit 66eac16

deploy/role.yaml

-Original file line number
+Diff line change
@@ Expand Up / @@ -8,6 +8,7 @@ rules: @@
       - ""
       resources:
       - pods
+      - replicationcontrollers
       - services
       - endpoints
       - persistentvolumeclaims
@@ Expand Down @@

0 comments on commit `66eac16`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `66eac16`

Commit

There are no files selected for viewing

0 comments on commit 66eac16

0 comments on commit `66eac16`