-
Notifications
You must be signed in to change notification settings - Fork 461
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Protect Service Accounts Against Deletion/Remedy Deletions #55
Comments
@vlerenc which |
The ones I wrote above: the ones created by the API server implicitly (not by the addon-manager). |
Added OpenStack support for safety controller
We have seen a case where a user deleted the standard/default |
/close as there are a thousand ways to break the cluster and we cannot provide remediation for each of them. Given that the issue is open since a very long time with no attention and no activity, it's unlikely that it'll be picked up anytime soon. |
By @vlerenc: Customers may break their own clusters by deleting service accounts, which were created by the API server. Without an API server restart, these service accounts won't come back, so we either need to monitor them and either recreate them (without duplicating what the API server is doing) or restart the API server when we see somebody tampered with them.
The text was updated successfully, but these errors were encountered: