Skip to content
This repository has been archived by the owner on Jan 19, 2024. It is now read-only.

feat: Change used ClusterRole #59

Merged
merged 1 commit into from
Mar 10, 2022
Merged

Conversation

TannerGabriel
Copy link
Member

Change argo-service from using the cluster-admin role to a custom role resembling the argo-rollouts cluster role.

Fixes

#44

Signed-off-by: TannerGabriel <[email protected]>
@github-actions
Copy link
Contributor

github-actions bot commented Mar 8, 2022

The following Docker Images have been built:
keptncontrib/argo-service:0.9.2-dev-PR-59,keptncontrib/argo-service:0.9.2-dev-PR-59.202203081715

Copy link
Contributor

@pchila pchila left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While definitely an improvement over using the cluster-admin role, I don't understand why the service needs so much write access to stuff like the replicasets/ingresses/jobs (I am fine with the argo apigroup permissions).
Aren't the actual actions on the replicasets going to be taken by the argo rollouts controller anyway?

@christian-kreuzberger-dtx
Copy link
Contributor

@pchila yes, that's what it needs. While there is a CRD for argo, for some reason kubectl argo (plugin...) requires some roles :D

@christian-kreuzberger-dtx christian-kreuzberger-dtx linked an issue Mar 10, 2022 that may be closed by this pull request
1 task
Copy link
Contributor

@christian-kreuzberger-dtx christian-kreuzberger-dtx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@TannerGabriel TannerGabriel merged commit 96c7711 into master Mar 10, 2022
@TannerGabriel TannerGabriel deleted the feat/change-cluster-role branch March 10, 2022 18:09
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Do not use clusterAdmin role for argo-service
3 participants