cross-cloud icon indicating copy to clipboard operation
cross-cloud copied to clipboard
verified publisher icon crosscloudci

RBAC Authorization, roles and service accounts

Open namliz opened this issue 8 years ago • 0 comments

To play nice with updated Helm charts, --authorization-mode=RBAC is highly recommended for 1.7+. https://kubernetes.io/docs/admin/authorization/rbac/#role-examples

One possible useful dodge is to toggle it on and create/edit a default role that is totally permissive. Otherwise the permissions for everything cross-cloud will run will need to be kept in mind.

The cncfdemo will at least need something like:

rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]

namliz avatar Aug 18 '17 10:08 namliz