Remove event.delete permission #2884
Comments
5 tasks
|
Wow, thank you a lot for the fast reaction and change <3!!!! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
Our kubernetes clusters are quite restricted in terms of permissions and therefore it is for tracability reasons not allowed to delete events. fission seem to request the events.delete permission in two places, namely for the executor and keda linked below.
https://github.com/fission/fission/blob/main/charts/fission-all/templates/_fission-kubernetes-roles.tpl#L77
https://github.com/fission/fission/blob/main/charts/fission-all/templates/_fission-kubernetes-roles.tpl#L206
Describe the solution you'd like
As I could not find the reason in the code the delete permission is requested, I would like to get this removed. Therefore the events permission should be separated from the pods, services etc to not include the delete permission.
Describe alternatives you've considered
Alternatively the delete permission could be made optional and the code follows this similar to the executor.serviceAccountCheck.enabled could help, but as of now I would not know which part of the code tries to delete events.
Additional context
The text was updated successfully, but these errors were encountered: