Evaluate the requirement for having admin level permissions for rukpak controller

operator-framework / rukpak

RukPak runs in a Kubernetes cluster and defines APIs for installing cloud native content

Apache License 2.0

52 stars 50 forks source link

Evaluate the requirement for having admin level permissions for rukpak controller #800

Open varshaprasad96 opened 8 months ago

varshaprasad96 commented 8 months ago

Currently, we specify rukpak controller to have admin level permissions: https://github.com/operator-framework/rukpak/blob/1d284f91a3dfba176c1ff9e728e705681e885a25/internal/controllers/bundledeployment/bundledeployment.go#L162

This seems to be required to be able to manage the lifecycle of bundle resources effectively.

This issue is to evaluate the requirement for having this level of elevated permissions (Even if the outcome could be that we need to have it this way).

github-actions[bot] commented 6 months ago

This issue has become stale because it has been open 60 days with no activity. The maintainers of this repo will remove this label during issue triage or it will be removed automatically after an update. Adding the lifecycle/frozen label will cause this issue to ignore lifecycle events.

skattoju commented 3 months ago

we would still need list and watch on all objects even after using the service account provided in spec right ? //+kubebuilder:rbac:groups=*,resources=*,verbs=list;watch