Closed ereslibre closed 3 years ago
I think this can be closed now, isn't it?
No, I'm still working on this. We have to grant access.
Despite the serviceAccount
should be set now to policy-server
, for some reason, the deployment created for the policy-server
by the controller has the default
SA yet. Looking into it.
The
policy-server
today is fetching a list of well known (and static) resources, being:Until we make this configurable and extendable with custom resources, the
policy-server
needs to have enough rights in the Kubernetes cluster to list this resources, so context-aware policies can use this information to take contextual decisions (or perform contextual-aware mutations).Acceptance criteria
policy-server
deployed through the controller started by the helm chart is able to list namespaces, services and ingresses in all namespaces.