Adding RBAC for Betydb Helm components #4
Sagar2366 wants to merge 7 commits into PecanProject:main from
| {{- include "betydb.labels" . | nindent 4 }} | ||
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["pods", "endpoints", "Services", "configmaps"] |
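Review bot: on the `resources:` line, `"Services"` is capitalised, and RBAC compares resource names as exact lowercase plural strings, so this entry matches no resource and the role grants nothing on services. Use `"services"`, or drop the entry if this role does not need it.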
should this be
| resources: ["pods", "endpoints", "Services", "configmaps"] | |
| resources: ["pods", "endpoints", "services", "configmaps"] |
Removed extra permissions from bety hook role
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: {{ include "betydb.fullname" . }}-hooks |
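Review bot: the `-hooks` suffix on `name` implies this account is for hook pods, but the metadata shown carries no `helm.sh/hook` annotations. Helm creates ordinary chart resources only after pre-install hooks have run, so if any hook using this account is pre-install, annotate the ServiceAccount (and its Role and RoleBinding) as hooks with a lower `helm.sh/hook-weight` than the jobs that use it.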
Do we need a separate account for the hooks? Not sure we need all the permissions listed below for the hooks.
Using a separate service account, as the permissions required for bety and bety hooks are different.
Will remove endpoint, service access from bety hook role.
| rules: | ||
| - apiGroups: [""] | ||
| resources: ["pods", "endpoints", "Services", "configmaps"] | ||
| verbs: |
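Review bot: the single rule on the `resources:` line gives pods, endpoints, services and configmaps the same `verbs:` list, so every resource gets the widest set that any one of them needs. Split it into one rule per resource, listing only the verbs the BETY process itself uses against the Kubernetes API, and remove any resource it never queries.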
Do we need any permissions? I don't think right now BETY needs permissions to any of these endpoints services.
Endpoint access added for BETY role as we're accessing them in ingress config and readiness probe.
| apiVersion: v1 | ||
| kind: ServiceAccount | ||
| metadata: | ||
| name: {{ include "betydb.fullname" . }} |
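Review bot: the ServiceAccount named on the `name:` line only takes effect when a pod template references it. Set `serviceAccountName: {{ include "betydb.fullname" . }}` in the Deployment's pod spec; otherwise the pods keep running as the namespace's `default` account and the Role bound to this one is never used.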
Should this service account be used in the deployment file (and maybe others)?
RBAC for BETYDB HELM