search

uselagoon / lagoon-charts

A collection of Helm charts for Lagoon and associated services.
Apache License 2.0
11 stars 10 forks source link

Reduce privileges of lagoon-logging serviceaccount #632

Open smlx opened 10 months ago

smlx commented 10 months ago

Currently the lagoon-logging serviceaccount uses the overly broad view default clusterrole.

This should be reduced to only provide permissions on namespaces and pods similar to this example

Once we figure out which permissions are required, we should also probably send a PR upstream to document this.