Question: Deployment permission on the api server #466

jooh-lee · 2023-06-14T19:39:24Z

Image I'm using:
v1.1.0

Issue or Feature Request:
I was just wondering why the api-server needs such broad rbac permissions in deployments. The ones im specifically wondering are these permissions:
"create",
"delete",
"deletecollection",
"patch",
"update"

these are giving some pretty broad range of permissions to the api-server, so if these aren't actually needed I would love to remove them or at the very least the create and delete permissions. I took a brief look through the code and the deep dive and nothing jumps out at me as to why it would need those.

Thank you for the help!

cbgbt · 2023-06-19T20:07:39Z

Thanks for raising this issue.

I agree that these seem more broad than necessary. I would like to think that "me in the past" would have appropriately constrained this role, but it's possible I mistakenly added these. I'll re-evaluate why these are in the policy and either:

Add some commentary if there is a valid reason.
Remove them if there is not.

jooh-lee · 2023-06-19T21:42:56Z

thank you!

cbgbt mentioned this issue Aug 8, 2023

Remove unnecessary deployment management permissions from brupop #507

Merged

cbgbt closed this as completed in #507 Aug 9, 2023

cbgbt self-assigned this Aug 15, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Question: Deployment permission on the api server #466

Question: Deployment permission on the api server #466

jooh-lee commented Jun 14, 2023 •

edited

Loading

cbgbt commented Jun 19, 2023

jooh-lee commented Jun 19, 2023

Question: Deployment permission on the api server #466

Question: Deployment permission on the api server #466

Comments

jooh-lee commented Jun 14, 2023 • edited Loading

cbgbt commented Jun 19, 2023

jooh-lee commented Jun 19, 2023

jooh-lee commented Jun 14, 2023 •

edited

Loading