Skip to content
This repository has been archived by the owner on Feb 27, 2023. It is now read-only.

Audit operator's RBAC #486

Open
skriss opened this issue Feb 9, 2022 · 1 comment
Open

Audit operator's RBAC #486

skriss opened this issue Feb 9, 2022 · 1 comment
Labels
kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt.

Comments

@skriss
Copy link
Member

skriss commented Feb 9, 2022

The operator currently has a broad set of RBAC grants:
https://github.com/projectcontour/contour-operator/blob/main/internal/operator/operator.go#L55-L74

These are a combination of:

  • permissions the Operator needs in order to create/update/delete Contour itself (e.g. CRUD on deployments, daemonsets, jobs, etc.)
  • transitive permissions the Operator needs in order to create Contour's ClusterRole (e.g. get/list/watch endpoints, services, etc)

It'd be nice to:
@skriss skriss added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Feb 9, 2022
@skriss
Copy link
Member Author

skriss commented Feb 9, 2022

xref #265

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@skriss