keikoproj / kube-forensics

Apache License 2.0

Add documentation for using IAM role to allow kube-forensics-worker access to the destination S3 bucket #6

Open tekenstam opened 5 years ago

tekenstam commented 5 years ago

Is this a BUG REPORT or FEATURE REQUEST?: FEATURE

What happened: How to configure the destination S3 bucket is unclear

What you expected to happen: Give examples using kops worker node role as well as kiam role.

aayushichadha commented 5 years ago

Can I get more information on this?

tekenstam commented 5 years ago

Hi @aayushichadha, this issue is about improving the following section in README.md to better describe how to configure the destination S3 bucket to allow the forensics-worker to upload files to it. Adding the nodes role allows any pod running on any node to upload to the S3 bucket, which is not a good security practice. It would be better to document how to use kiam to have more targeted permission to only the forensic-worker pod.

https://github.com/keikoproj/kube-forensics/blob/master/README.md#bucket-configuration
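The contrast drawn in the comment above, as an added example that is not part of the original thread or the project's README: the upload permission sits on a dedicated role that kiam hands only to an annotated pod, instead of on the node role that every pod on the node inherits. The namespace, pod, role, image and bucket names are placeholders, and it is an assumption that the worker pod can carry the kiam annotation and that `s3:PutObject` is the only action it needs.

```yaml
# Namespace for the worker. kiam refuses to hand out any role whose name
# does not match this regular expression to pods in the namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: forensics-example                      # placeholder
  annotations:
    iam.amazonaws.com/permitted: "^forensics-worker-upload-example$"
---
# Worker pod. kiam answers this pod's instance-metadata credential
# requests with the annotated role instead of the node's role.
apiVersion: v1
kind: Pod
metadata:
  name: forensics-worker-example               # placeholder
  namespace: forensics-example
  annotations:
    iam.amazonaws.com/role: forensics-worker-upload-example
spec:
  containers:
    - name: worker
      image: example.invalid/forensics-worker:placeholder
---
# IAM side (configured in AWS, shown here as comments):
#
# Role forensics-worker-upload-example
#   permissions policy:
#     Effect: Allow
#     Action: s3:PutObject                     # assumed minimum
#     Resource: arn:aws:s3:::EXAMPLE-BUCKET/*  # placeholder bucket
#   trust policy:
#     Effect: Allow
#     Action: sts:AssumeRole
#     Principal: the role the kiam server runs as (nothing else)
#
# Node instance role
#   no S3 statement for EXAMPLE-BUCKET, so other pods on the same
#   node gain no write access to the destination bucket.
```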

dheeraj-tripathi commented 4 years ago

@tekenstam Is this about restricting access at the namespace level to the IAM role? I can take this.