hyperledger-labs / fabric-builder-k8s

Kubernetes chaincode builder for Hyperledger Fabric
https://labs.hyperledger.org/fabric-builder-k8s/
Apache License 2.0
30 stars 20 forks source link

Document required permissions #52

Open jt-nti opened 2 years ago

jt-nti commented 2 years ago

The following is more than strictly necessary but a good starting point...

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: fabric-builder-k8s-role
rules:
  - apiGroups:
      - ""
      - apps
    resources:
      - pods
      - deployments
      - configmaps
      - secrets
    verbs:
      - get
      - list
      - watch
      - create
      - delete
      - patch

Need to document the minimum verbs required for each resource and how to apply the permissions to the peer's service account.

Include example kubectl auth can-i commands to check for the required permissions.

jt-nti commented 2 years ago

If you're here for hacktoberfest and have any questions, get in touch on our fabric-hacktoberfest Discord channel!