Open wmedlar opened 2 years ago
@zroubalik Thoughts? @wmedlar Are you willing to jump in if we want to do this? Keep in mind that we should be backwards compatible
If needed, sure.
Sounds good, let's do this :)
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions.
Proposal
KEDA should attach corresponding CRD permissions to the built-in
view
,edit
, andadmin
ClusterRoles through ClusterRole aggregation. Right now KEDA requires configuring permissions for its resources manually, introducing burden for cluster operators. Aggregation is a common pattern for applications that deploy CRDs (see cert-manager for an example) that reduces this burden and simplifies the installation process.Use-Case
As a cluster operator, I would like to provide KEDA as a platform service to application teams, using a permissions model that follows best practices by consuming built-in, least-privileged ClusterRoles.
Anything else?
This is an example of the aggregated ClusterRoles that I apply manually after deploying KEDA.