ISSUE-104 - Allow composable-manager to elevated permissions #105
Conversation
| - apiGroups: | ||
| - '*' | ||
| resources: | ||
| - '*' | ||
| verbs: | ||
| - create | ||
| - delete | ||
| - get | ||
| - list | ||
| - patch | ||
| - update | ||
| - watch |
There was a problem hiding this comment.
This is a hard one, bcs it allows cluster-wide privilege escalation. Wdyt about better docs or a custom target that includes this as a patch rather than a default?
There was a problem hiding this comment.
I also struggled with this question. I think a middle ground might be to parametrize the roles and lock it behind an enable: true option. The documentation would be part of the values.yaml so that you don't have to seek it out as a special case.
There was a problem hiding this comment.
@lhriley are you planning to work on it? Otherwise I'd close the PR
There was a problem hiding this comment.
I had planned to, but I don't have the bandwidth at the moment.
There was a problem hiding this comment.
I was taking a look at this, and I'm actually not sure how to approach it using kustomize. If this was helm, it would be simple. Any thoughts? Or should I close this and let someone else come up with something?
There was a problem hiding this comment.
I'm happy to accept a helm chart as additional deployment method!
Allow the
composable-manager-rolerights to manage cluster resources.Resolves: #104