You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Issue or Feature Request:
I was just wondering why the api-server needs such broad rbac permissions in deployments. The ones im specifically wondering are these permissions:
"create",
"delete",
"deletecollection",
"patch",
"update"
these are giving some pretty broad range of permissions to the api-server, so if these aren't actually needed I would love to remove them or at the very least the create and delete permissions. I took a brief look through the code and the deep dive and nothing jumps out at me as to why it would need those.
Thank you for the help!
The text was updated successfully, but these errors were encountered:
I agree that these seem more broad than necessary. I would like to think that "me in the past" would have appropriately constrained this role, but it's possible I mistakenly added these. I'll re-evaluate why these are in the policy and either:
Image I'm using:
v1.1.0
Issue or Feature Request:
I was just wondering why the api-server needs such broad rbac permissions in deployments. The ones im specifically wondering are these permissions:
"create",
"delete",
"deletecollection",
"patch",
"update"
these are giving some pretty broad range of permissions to the api-server, so if these aren't actually needed I would love to remove them or at the very least the create and delete permissions. I took a brief look through the code and the deep dive and nothing jumps out at me as to why it would need those.
Thank you for the help!
The text was updated successfully, but these errors were encountered: