Open smlx opened 10 months ago
Currently the lagoon-logging serviceaccount uses the overly broad view default clusterrole.
lagoon-logging
view
This should be reduced to only provide permissions on namespaces and pods similar to this example
namespaces
pods
Once we figure out which permissions are required, we should also probably send a PR upstream to document this.
Currently the
lagoon-logging
serviceaccount uses the overly broadview
default clusterrole.This should be reduced to only provide permissions on
namespaces
andpods
similar to this exampleOnce we figure out which permissions are required, we should also probably send a PR upstream to document this.