flavio
commented
3 years ago I think this can be closed now, isn't it?
Closed ereslibre closed 3 years ago
flavio
commented
3 years ago I think this can be closed now, isn't it?
ereslibre
commented
3 years ago No, I'm still working on this. We have to grant access.
ereslibre
commented
3 years ago Despite the serviceAccount should be set now to policy-server, for some reason, the deployment created for the policy-server by the controller has the default SA yet. Looking into it.
ereslibre
commented
3 years ago
The
policy-servertoday is fetching a list of well known (and static) resources, being:Until we make this configurable and extendable with custom resources, the
policy-serverneeds to have enough rights in the Kubernetes cluster to list this resources, so context-aware policies can use this information to take contextual decisions (or perform contextual-aware mutations).Acceptance criteria
policy-serverdeployed through the controller started by the helm chart is able to list namespaces, services and ingresses in all namespaces.