argoproj / argo-events

Event-driven Automation Framework for Kubernetes
https://argoproj.github.io/argo-events/
Apache License 2.0
2.37k stars 738 forks source link

Migrate all event sources to use unprivileged SA to access k8s resources #720

Closed whynowy closed 4 years ago

whynowy commented 4 years ago

Is your feature request related to a problem? Please describe. Currently when an event source deployment needs to access k8s resource (like secret), it uses privileged SA to achieve that.

e.g. https://github.com/argoproj/argo-events/blob/master/gateways/server/storagegrid/start.go#L176

Describe the solution you'd like

A privileged SA is not needed to do that (for example, mount the secret as a volume when creating the deployment). We need to migrate all the eventsources to the new approach.

whynowy commented 4 years ago

https://github.com/argoproj/argo-events/pull/735