This PR updates the permission used for karydia. It especially focus on splitting up the unified "serviceAccount" in multiple ones used during the installation, production and deletion. This ensure the principle of least privilege.
Moreover, I checked all currently used permissions and updated them accordingly to the usage by karydia (based on what errors occurred during installation, production and testing).
It would be great, if everyone who maintains one feature of karydia that is linked to special permissions reviews these changes and checks if everything is still working as intended.
Resolves #202.
Checklist
Before submitting this PR, please make sure:
[x] your code builds clean with make
[x] your code lets succeed unit tests with make test
Description
This PR updates the permission used for karydia. It especially focus on splitting up the unified "serviceAccount" in multiple ones used during the installation, production and deletion. This ensure the principle of least privilege.
Moreover, I checked all currently used permissions and updated them accordingly to the usage by karydia (based on what errors occurred during installation, production and testing).
It would be great, if everyone who maintains one feature of karydia that is linked to special permissions reviews these changes and checks if everything is still working as intended.
Resolves #202.
Checklist
Before submitting this PR, please make sure:
makemake test