Open nixff opened 3 months ago
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
Is the delete verb needed for the fsm role, or is it only needed in the cleanup hook for an independent cleanup role?
This issue will be closed due to a long period of inactivity. If you would like this issue to remain open then please comment or update.
Now, in the charts, we enable some permissions at cluster level, like rbac.authorization.k8s.io, which is unnecessary when the namespacedIngress or Gateway feature is disabled. We should aim to minimize the permissions and make them modular. Only set the necessary permissions based on the features enabled.
Moreover, it would be better to clarify the permission usage in detail in the chart comments, for example for some permissions on built-in resources:
If we only enable flb, it seems that fsm doesn't need privileges for ds or sts?
Scope (please mark with X where applicable)