Create a custom role instead of `edit` ClusterRole

OpsMx / spinnaker-helm

Stable helm chart of Spinnaker

23 stars 43 forks source link

Create a custom role instead of `edit` ClusterRole #9

Open hisener opened 3 years ago

hisener commented 3 years ago

Halyard role binding uses default ClusterRole edit, but it allows read/write access to most objects (kubectl describe clusterrole edit). Would it be possible to create a Role object with only required privileges?

https://github.com/OpsMx/spinnaker-helm/blob/2a0f39ec9d6d0b68c1a351b1e6cc6e12fbc5b847/templates/rbac/rolebinding.yaml#L7-L10

Best.

abhinaybyrisetty commented 3 years ago

I have a fix for this, I'll be creating a PR soon

philleonard commented 2 years ago

Hey @abhinaybyrisetty. Thanks for picking this up! Do you have an update?