Bug: Unnecessary permissions #1580
Comments
|
Hi, thanks for the report! I think that's a good catch, as we are only creating and updating ingresses as of now. PR is highly welcomed :) |
|
I believe the delete permission is required. A GSLB resource creates an ingress resource from the embedded spec. When that GSLB is deleted it deletes the ingress it created. The deletion is done through a finalizer since the GSLB resource owns the Ingress, that is why the source code doesn't include an explicit deletion. |
|
@abaguas that's actually good point for the case of full embedded Ingress ownership, we need deletion. Closing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi community!
I just found that the Deployment k8gb in the charts has
deleteverb for theingressesresource (role.yaml). However, after reading the source code of k8gb, I didn't find any Kubernetes API usages that requiredelete ingressespermissions. Therefore, for security reasons, I suggest checking this permission to determine if it is truly unnecessary. If it is, the issue should be fixed by removing the unnecessary permission or other feasible methods.The text was updated successfully, but these errors were encountered: