Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

☔ Restrict set of permissions on Kubernetes #13285

Open
lahabana opened this issue Apr 1, 2025 · 0 comments
Open

☔ Restrict set of permissions on Kubernetes #13285

lahabana opened this issue Apr 1, 2025 · 0 comments
Assignees
@lukidzi
Labels
kind/feature New feature triage/accepted The issue was reviewed and is complete enough to start working on it

Comments

@lahabana
Copy link
Contributor

lahabana commented Apr 1, 2025

Description

Some of the requirements:

  • As a user, I want to bind a ClusterRole with a ClusterRoleBinding while restricting its permissions to a reduced scope.
  • As a user, I want to have the possibility to disable the creation of ClusterRole/ClusterRoleBinding on the upgrade/install
  • As a user, I want to have the possibility to run webhooks only on specific namespaces
  • As a user, I don't want a mesh control-plane to watch sensitive resources (ConfigMaps, Secrets) across all namespaces
  • As a user, I want control-plane to observe only resources in specific namespaces (out-of-scope) - agreed on reduced ClusterRole

More issue will be provided once MADR is ready and approved
@lahabana lahabana added kind/feature New feature triage/pending This issue will be looked at on the next triage meeting triage/accepted The issue was reviewed and is complete enough to start working on it and removed triage/pending This issue will be looked at on the next triage meeting labels Apr 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lukidzi lukidzi

Labels
kind/feature New feature triage/accepted The issue was reviewed and is complete enough to start working on it
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lahabana @lukidzi