[Bug] What's minimum permission set for kuberay-operator? #2213
Comments
kevin85421
added
github_actions
|
@vinayakankugoyal are you aware of any tools we can use to determine the minimum set of permissions? Otherwise, I think it'll involve a manual review of the code to determine the minimum set of permissions for a functional kuberay (some permissions are not strictly needed) |
|
One way to determine this would be to use the kubernetes audit logs. There is one tool that exists which can do this. https://github.com/liggitt/audit2rbac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Search before asking
KubeRay Component
ray-operator
What happened + What you expected to happen
We can find many k8s permission on kuberay-operator:
https://github.com/ray-project/kuberay/blob/master/helm-chart/kuberay-operator/templates/role.yaml
More permission, more insecure
So what's minimum permission set for kuberay-operator?
Reproduction script
question
Anything else
question
Are you willing to submit a PR?
The text was updated successfully, but these errors were encountered: