You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First of all, thanks for the tool, it is really helpful.
We are working on RBAC rules that allow our users to generate kubernetes configs out of long living API tokens using a script. This script issues the following API request to determine a list of secrets in a given namespace:
list already exposes all the content of all the secrets. get and watch are more efficient and common ways to retrieve a subset of the secrets or maintain an up to date view of updates to the secrets. If you have list permission, get and watch don't expose more data.
First of all, thanks for the tool, it is really helpful.
We are working on RBAC rules that allow our users to generate kubernetes configs out of long living API tokens using a script. This script issues the following API request to determine a list of secrets in a given namespace:
But for this audit2rbac generates a role that allows more verbs (including get) for the secrets:
Are these verbs really required for this API call? Can you please explain what is the reason behind?
The text was updated successfully, but these errors were encountered: