Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: rbac permissions for odiglet #2049

Open
wants to merge 14 commits into
base: main
Choose a base branch
from

Conversation

blumamir
Copy link
Collaborator

remove unused permissions and make some of them role instead of clusterrole

},
&corev1.Namespace{}: {
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

note: this was not used and is leftover from the time we were calculating if workload is instrumented in odiglet

- pods
- services
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove service which is not used by odiglet

@@ -6,26 +6,25 @@ rules:
- apiGroups:
- ""
resources:
- configmaps
- namespaces
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove namespaces - not used by odiglet

@@ -6,26 +6,25 @@ rules:
- apiGroups:
- ""
resources:
- configmaps
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

made configmap role instead of clusterrole

Comment on lines -37 to -41
- daemonsets/finalizers
- deployments/finalizers
- statefulsets/finalizers
verbs:
- update
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

finalizers are not modified by odiglet

Comment on lines -53 to -54
- collectorsgroups
- collectorsgroups/status
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

made collectorsgroup role instead of clusterrole. we should remove them and record the signals in instrumentationconfig (future PR)

- apiGroups:
- odigos.io
resources:
- odigosconfigurations
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

leftover from the time the config was a special CRD (and not configmap)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants