generated from knative-extensions/sample-controller
-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unused ClusterRole knative-serving-istio #995
Labels
kind/enhancement
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
triage/accepted
Issues which should be fixed (post-triage)
Comments
a7i
changed the title
ClusterRle knative-serving-istio
ClusterRole knative-serving-istio
Oct 7, 2022
a7i
changed the title
ClusterRole knative-serving-istio
Unused ClusterRole knative-serving-istio
Oct 7, 2022
This issue is stale because it has been open for 90 days with no |
github-actions
bot
added
the
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
label
Jan 6, 2023
/lifecycle frozen |
knative-prow
bot
added
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
and removed
lifecycle/stale
Denotes an issue or PR has remained open with no activity and has become stale.
labels
Feb 2, 2023
ReToCode
added
kind/enhancement
triage/accepted
Issues which should be fixed (post-triage)
labels
Feb 15, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
kind/enhancement
lifecycle/frozen
Indicates that an issue or PR should not be auto-closed due to staleness.
triage/accepted
Issues which should be fixed (post-triage)
ClusterRole
knative-serving-istio
seems to not be binding to any RoleBinding/ClusterRoleBindings.https://github.com/knative-sandbox/net-istio/blob/main/config/200-clusterrole.yaml
net-istio-controller
Deployment is using the ServiceAccountcontroller
which is used by the knative-serving Controller. This ServiceAccount already has the following permissions from ClusterRoleknative-serving-admin
It would be ideal for net-istio-controller to use its own ServiceAccount with its own permissions and follow the principle of least privilege
The text was updated successfully, but these errors were encountered: