-
Notifications
You must be signed in to change notification settings - Fork 740
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fine-grained rbac for flagger helm #73
Conversation
Codecov Report
@@ Coverage Diff @@
## master #73 +/- ##
=======================================
Coverage 54.53% 54.53%
=======================================
Files 13 13
Lines 1533 1533
=======================================
Hits 836 836
Misses 557 557
Partials 140 140 Continue to review full report at Codecov.
|
charts/flagger/templates/rbac.yaml
Outdated
- list | ||
- watch | ||
- nonResourceURLs: | ||
- /version?timeout=32s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need the timeout arg? Would it work with /version
only?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
good point, fixed
- "" | ||
resources: | ||
- services | ||
verbs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We'll need patch
and update
to cover future work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added
- autoscaling | ||
resources: | ||
- horizontalpodautoscalers | ||
verbs: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We'll need patch
and update
to cover future work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added
@huydinhle thanks for this. Please apply the same RBAC setting in here also https://github.com/stefanprodan/flagger/blob/master/artifacts/flagger/account.yaml |
1b99f3f
to
2b6507d
Compare
addressed all the comments @stefanprodan |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks @huydinhle
@stefanprodan took a stab at this #48
I generated using
audit2rbac
and tested by running the tutorials to make sure no rbac problems showed upFix: #48