Make admin privileges configurable

cybozu-go / accurate

Kubernetes controller for multi-tenancy. It propagates resources between namespaces accurately and allows tenant users to create/delete sub-namespaces.

https://cybozu-go.github.io/accurate/

Apache License 2.0

38 stars 5 forks source link

Make admin privileges configurable #89

Closed ymmt2005 closed 11 months ago

ymmt2005 commented 11 months ago

Fix #82.

With this change, we stop granting the below permission to the accurate controller.

  - apiGroups:
      - '*'
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch

Also, we make the ClusterRole admin optional. The Helm chart now takes optional ClusterRoles to be granted.

morimoto-cybozu commented 11 months ago

@ymmt2005 Don't we need to remove //+kubebuilder:rbac:... from controllers/propagate.go?

ymmt2005 commented 11 months ago

Thanks. Updated.