Open cwrau opened 1 month ago
DChevrier1
commented
1 month ago I would second this. As DevSecOps lead, I would love for the devs to be able to use this, but not be able to change anything. It would give them access to the logs in an easy to use gui. I would like to see it go even further with roles where I could limit groups to only certain namespaces/pods
sebastiangaiser
commented
1 month ago Just to have this mentioned, removing the patch verb from the ClusterRole should do the job. I've implemented this in my Helm chart already: https://github.com/sebastiangaiser/helm-charts/blob/0d247e0d1707327ee654f854fcbc50f270613844/charts/capacitor/templates/clusterrole.yaml#L50
Tbh I've implemented it as a simple way to solve this problem but haven't checked how Capacitor reacts on this...
It would be amazing if one could set the dashboard to be "read only", by which I mean that the user cannot do "breaking" changes like suspending a resource.
I don't consider reconciling breaking, as that would've happened anyways.