Closed samueltorres closed 2 years ago
Hey @haarchri 👋 could you please take a look 🙏? It would be great to get this in :)
Can you please add a test for the new feature and clean up the lint errors? Everything else looks good.
Can you review again @dwerder ? 🙏
Can you please add a test?
Done :) Added some tests on the creation of the cluster roles and bindings
What this PR does / why we need it:
This change aims to add the possibility of both kustomize-controller and helm-controller service accounts to not become cluster-admins.
In Kubernetes clusters with a very aggressive security posture, we want to avoid running service accounts with cluster admin privileges.
If the privileged mode is turned off, we will only add service account impersonation capabilities to the kustomize-controller and helm-controller service accounts, so they can only impersonate other service accounts that are usually set on the Kustomizations / Helm Releases.
Which Issue does it fix:
111
Special notes for your reviewer:
Checklist
make reviewable
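The RBAC difference the description refers to, as an added example that is not taken from this PR's code: a cluster-admin binding for both controllers beside an impersonation-only grant. The `flux-system` namespace and all object names are assumptions for illustration, and only the impersonation rule is shown.

```yaml
# Before (privileged mode on): both controllers are bound to cluster-admin.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cluster-reconciler              # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: kustomize-controller
    namespace: flux-system              # assumed namespace
  - kind: ServiceAccount
    name: helm-controller
    namespace: flux-system              # assumed namespace
---
# After (privileged mode off): the only grant is the "impersonate" verb on
# service accounts. A ClusterRole covers service accounts in every namespace;
# a namespaced Role and RoleBinding would limit it to one namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: reconciler-impersonator         # hypothetical name
rules:
  - apiGroups: [""]
    resources: ["serviceaccounts"]
    verbs: ["impersonate"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: reconciler-impersonator         # hypothetical name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: reconciler-impersonator
subjects:
  - kind: ServiceAccount
    name: kustomize-controller
    namespace: flux-system              # assumed namespace
  - kind: ServiceAccount
    name: helm-controller
    namespace: flux-system              # assumed namespace
```

With the second form applied and the first removed, `kubectl auth can-i '*' '*' --as=system:serviceaccount:flux-system:kustomize-controller` should answer `no`; what a reconciliation can change is then bounded by the roles of the service account it impersonates.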