Open pmalek opened 3 weeks ago
charts/gateway-operator/scripts/update-rbac-resources.sh is used to update the RBAC resources in gateway-operator chart.
charts/gateway-operator/scripts/update-rbac-resources.sh
It does not take KGO EE RBAC rules into account hence running this on the current version of KGO repo yields a diff which would remove permissions:
diff --git a/charts/gateway-operator/templates/rbac-resources.yaml b/charts/gateway-operator/templates/rbac-resources.yaml index 0f4af6b..647798a 100644 --- a/charts/gateway-operator/templates/rbac-resources.yaml +++ b/charts/gateway-operator/templates/rbac-resources.yaml @@ -126,18 +126,6 @@ rules: - create - delete - get -- apiGroups: - - cert-manager.io - resources: - - certificates - verbs: - - create - - delete - - get - - list - - patch - - update - - watch - apiGroups: - configuration.konghq.com resources: @@ -488,14 +476,6 @@ rules: - get - patch - update -- apiGroups: - - gateway-operator.konghq.com - resources: - - dataplanemetricsextensions - verbs: - - get - - list - - watch - apiGroups: - gateway-operator.konghq.com resources:
Problem statement
charts/gateway-operator/scripts/update-rbac-resources.sh
is used to update the RBAC resources in gateway-operator chart.It does not take KGO EE RBAC rules into account hence running this on the current version of KGO repo yields a diff which would remove permissions:
Proposed solution