Open consideRatio opened 1 year ago
Forgot to respond here, but this works as expected, thank you.
Thanks for the confirmation, @ranchodeluxe!
IMHO, the next step here is to properly document it in our infra docs (adding a task for that in the top message).
In https://2i2c.freshdesk.com/a/tickets/502 a request came from Greg, a k8s power user, to be granted read permissions to the k8s cluster, and I suggested the k8s official user-facing ClusterRole view that doesn't grant access to inspect Secret resources etc. but other resources overall, including logs for pods as explicitly requested.
This is how I've attempted to provide that in the AWS based cluster.
The user can then authenticate as their AWS IAM user and run:
The user confirmed this approach is working. So, we need to: