Currently, our RBAC role we set up for customer Namespaces in our cluster doesn't allow any access (CRUD) to a ConfigMap resource. This is because, for Scipian to write Terraform state to it's own backend in it's own account, it's necessary to have the AWS IAM credentials used by Scipian in the terraform backend definition, which is created by Scipian and exposed to a running Pod as a ConfigMap. This is fine for customers who are using Scipian to run Terraform only. However, if a customer wants to run a Pod that does something else (say an HTTP service that is exposed publicly by Scipian/Contour), they may need ConfigMap access in their Namespace depending on what that Pod needs.
Currently, our RBAC role we set up for customer Namespaces in our cluster doesn't allow any access (CRUD) to a ConfigMap resource. This is because, for Scipian to write Terraform state to it's own backend in it's own account, it's necessary to have the AWS IAM credentials used by Scipian in the terraform backend definition, which is created by Scipian and exposed to a running Pod as a ConfigMap. This is fine for customers who are using Scipian to run Terraform only. However, if a customer wants to run a Pod that does something else (say an HTTP service that is exposed publicly by Scipian/Contour), they may need ConfigMap access in their Namespace depending on what that Pod needs.