Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add namespace-scoped RBAC manifests for when prefect-operator only watches its own namespace #72

Open
1 task
mitchnielsen opened this issue Sep 6, 2024 · 2 comments
Open
1 task

Add namespace-scoped RBAC manifests for when prefect-operator only watches its own namespace #72

mitchnielsen opened this issue Sep 6, 2024 · 2 comments
Labels
prefect-operator

Comments

@mitchnielsen
Copy link
Contributor

Summary

Context: #61 (comment)

Wanted to throw this up as a Draft for later in case this ends up making sense for this Operator. As a note, if we pursue this, we'll want to update RBAC to match the new permission model (i.e. change ClusterRole to Role, etc).

Acceptance criteria

  • When Operator only watches its own namespace, scope down the RBAC so there are no cluster-scoped resources (ClusterRole, etc.)
@mitchnielsen mitchnielsen added the feature New feature label Sep 6, 2024
@mitchnielsen mitchnielsen mentioned this issue Sep 6, 2024
Merged
@chrisguidry
Copy link
Collaborator

I think this isn't about removing the cluster-scoped RBACs, it's about generating a separate set of manifests for cluster-scoped versus namespaced

@chrisguidry chrisguidry changed the title Remove cluster-scoped RBAC resources when Operator only watches its own namespace Add namespace-scoped RBAC manifests for when prefect-operator only watches its own namespace Sep 18, 2024
@mitchnielsen
Copy link
Contributor Author

Agree with the rephrasing, and this should be easier with Helm templates now that we have a chart.

@zangell44 zangell44 removed the feature New feature label Oct 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
prefect-operator
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@chrisguidry @mitchnielsen @zangell44