Provide a less permissive ClusterRole for cross-namespace references #407

Closed
jcanseco opened this issue Feb 22, 2021 · 2 comments
Labels
enhancement New feature or request

Comments

@jcanseco
Member

jcanseco commented Feb 22, 2021

Describe the feature or the resource that you want.

Config Connector requires that you apply a RoleBinding to allow for cross-namespace references when in namespaced-mode (source).

Request: Could Config Connector provide a less permissive ClusterRole than cnrm-admin for such a purpose (e.g. a cnrm-viewer role)? The cnrm-admin role grants read/write and seems a bit overkill for the purpose.

Context: #320 (comment)

@jcanseco jcanseco added the enhancement New feature or request label Feb 22, 2021
@jcanseco jcanseco changed the title from "Provider a less permissive ClusterRole for cross-namespace references" to "Provide a less permissive ClusterRole for cross-namespace references" Feb 22, 2021
@karlkfi

karlkfi commented Apr 14, 2021

KCC v1.45.0 now includes the cnrm-viewer ClusterRole, tho it seems to have been left out of the release notes.

Docs were updated tho:
https://cloud.google.com/config-connector/docs/how-to/creating-resource-references#cross-namespace_references

@jcanseco
Member Author

Yep, thanks @karlkfi! Closing.

> it seems to have been left out of the release notes

Was gonna add it, but it seems like it was mentioned by this line: Supported a viewer cluster role so that resources can be referenced cross namespaces in namespaced mode. (#407)
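Added example (not part of the thread and not Config Connector's own code): one way to audit a cluster for cross-namespace reference grants that still bind `cnrm-admin` and could move to `cnrm-viewer`. It assumes the input is the parsed output of `kubectl get rolebindings -A -o json` and that namespaced-mode controllers run as `cnrm-controller-manager-<namespace>` in `cnrm-system`; the sample namespaces and binding names are constructed.

```python
# Added example: audit RoleBindings (parsed `kubectl get rolebindings -A -o json`)
# for cross-namespace reference grants that still use cnrm-admin.
# Assumption: namespaced-mode controllers run as the service account
# cnrm-controller-manager-<namespace> in the cnrm-system namespace.
SA_NAMESPACE = "cnrm-system"
SA_PREFIX = "cnrm-controller-manager-"
BROAD_ROLE, NARROW_ROLE = "cnrm-admin", "cnrm-viewer"


def find_overbroad_reference_bindings(rolebinding_list):
    """Flag RoleBindings that give another namespace's controller cnrm-admin."""
    findings = []
    for rb in rolebinding_list.get("items", []):
        ref = rb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != BROAD_ROLE:
            continue
        target_ns = rb["metadata"]["namespace"]
        for subj in rb.get("subjects") or []:
            name = subj.get("name", "")
            if (subj.get("kind") != "ServiceAccount"
                    or subj.get("namespace") != SA_NAMESPACE
                    or not name.startswith(SA_PREFIX)):
                continue
            source_ns = name[len(SA_PREFIX):]
            if source_ns == target_ns:
                continue  # a namespace's own controller, not a cross-namespace grant
            findings.append({"binding": f"{target_ns}/{rb['metadata']['name']}",
                             "referencing_namespace": source_ns,
                             "suggested_role": NARROW_ROLE})
    return findings


def _binding(namespace, name, role, sa_suffix):
    """Build a constructed RoleBinding object for the sample below."""
    return {"metadata": {"namespace": namespace, "name": name},
            "roleRef": {"apiGroup": "rbac.authorization.k8s.io",
                        "kind": "ClusterRole", "name": role},
            "subjects": [{"kind": "ServiceAccount", "namespace": SA_NAMESPACE,
                          "name": SA_PREFIX + sa_suffix}]}


# Constructed sample; namespaces and binding names are hypothetical.
SAMPLE = {"items": [
    _binding("team-a", "own-controller", BROAD_ROLE, "team-a"),
    _binding("shared-net", "allow-refs-from-team-a", BROAD_ROLE, "team-a"),
    _binding("shared-net", "allow-refs-from-team-b", NARROW_ROLE, "team-b"),
]}

if __name__ == "__main__":
    for finding in find_overbroad_reference_bindings(SAMPLE):
        print(finding)
```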
