You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Submariner addon currently has wide-ranging privileges. It doesn’t need to be able to access anything outside the namespaces it manages, so this should be reduced. See https://hackmd.io/wVfLKpxtSN-P0n07Kx4J8Q for background.
This might not be appropriate if the addon needs to be able to manage namespaces which aren’t known ahead of time. If so, the justification for its cluster-wide privileges needs to be documented.
Acceptance Criteria
The operator is de-scoped, ideally with no ClusterRole, at minimum with justifications for every permission in its ClusterRole.
Epic Description
The Submariner addon currently has wide-ranging privileges. It doesn’t need to be able to access anything outside the namespaces it manages, so this should be reduced. See https://hackmd.io/wVfLKpxtSN-P0n07Kx4J8Q for background.
This might not be appropriate if the addon needs to be able to manage namespaces which aren’t known ahead of time. If so, the justification for its cluster-wide privileges needs to be documented.
Acceptance Criteria
The operator is de-scoped, ideally with no ClusterRole, at minimum with justifications for every permission in its ClusterRole.
See also submariner-io/enhancements#75 for the Submariner operator.
Definition of Done (Checklist)
Work Items
The text was updated successfully, but these errors were encountered: