Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove discover of podcidrs: #383

Merged
merged 1 commit into from
Dec 16, 2023
Merged

Remove discover of podcidrs: #383

merged 1 commit into from
Dec 16, 2023

Conversation

jacobweinstock
Copy link
Member

Description

The permissions needed to list nodes and pods in the "kube-system" namespace are too extensive and unneeded by Smee. Also not a good security posture to make these permissions available to Smee.

Why is this needed

Fixes: #

How Has This Been Tested?

How are existing users impacted? What migration steps/scripts do we need?

Checklist:

I have:

  • updated the documentation and/or roadmap (if required)
  • added unit or e2e tests
  • provided instructions on how to upgrade

@jacobweinstock jacobweinstock changed the title Remmove discover of podcidrs: Remove discover of podcidrs: Dec 15, 2023
@jacobweinstock
Remmove discover of podcidrs:
dc5b92d 
The permissions needed to list nodes
and pods in the "kube-system" namespace
are too extensive and unneeded by Smee.
Also not a good security posture to make these
permissions available to Smee.

Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
@codecov Codecov
Copy link

codecov bot commented Dec 16, 2023

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (ccc2c65) 30% compared to head (dc5b92d) 28%.

Additional details and impacted files 
@@         Coverage Diff         @@
##           main   #383   +/-   ##
===================================
- Coverage    30%    28%   -3%     
===================================
  Files         5      5           
  Lines       526    481   -45     
===================================
- Hits        161    136   -25     
+ Misses      353    337   -16     
+ Partials     12      8    -4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@jacobweinstock jacobweinstock merged commit dea4bd4 into tinkerbell:main Dec 16, 2023
5 checks passed
@jacobweinstock jacobweinstock deleted the auto-discover-trusted-proxies branch December 16, 2023 00:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jacobweinstock