I am currently configuring the solr-operator which uses the zookeeper-operator as a dependency. Upon reviewing the RBAC that both operators are creating I noted that they create ClusterRole/ClusterRoleBinding with fairly wide-ranging permissions.
I noticed when configuring the watchNamespaces variable in the solr-operator helm chart that it switched the ClusterRole/ClusterRoleBinding for namespaced Role/RoleBinding for the namespaces specified in the variable. Which makes the permissions the operator has much more restricted. (it looks like these changes were implemented in apache/solr-operator#124)
I noticed that zookeeper-operator has a similarly named watchNamespace variable in the helm chart which looks like it provides a similar functionality.
Would it be possible to implement a similar change to the RBAC in the zookeeper-operator?
Importance
should-have.
Location
helm chart.
Suggestions for an improvement
Implement RBAC helm chart templates similarly to the solr-operator. Also change watchNamespace variable to watchNamespaces.
I am happy to provide a contribution if this is something that would work & be accepted.
Description
I am currently configuring the solr-operator which uses the zookeeper-operator as a dependency. Upon reviewing the RBAC that both operators are creating I noted that they create ClusterRole/ClusterRoleBinding with fairly wide-ranging permissions.
I noticed when configuring the
watchNamespacesvariable in the solr-operator helm chart that it switched the ClusterRole/ClusterRoleBinding for namespaced Role/RoleBinding for the namespaces specified in the variable. Which makes the permissions the operator has much more restricted. (it looks like these changes were implemented in apache/solr-operator#124)I noticed that zookeeper-operator has a similarly named
watchNamespacevariable in the helm chart which looks like it provides a similar functionality.Would it be possible to implement a similar change to the RBAC in the zookeeper-operator?
Importance
should-have.
Location
helm chart.
Suggestions for an improvement
Implement RBAC helm chart templates similarly to the solr-operator. Also change
watchNamespacevariable towatchNamespaces.I am happy to provide a contribution if this is something that would work & be accepted.