jwitko commented on code in PR #13747:
URL: https://github.com/apache/druid/pull/13747#discussion_r1103668685
##########
helm/druid/templates/broker/role.yaml:
##########
@@ -0,0 +1,21 @@
+{{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "druid.broker.fullname" . }}
+ labels:
+ app: {{ include "druid.name" . }}
+ chart: {{ include "druid.chart" . }}
+ component: {{ .Values.broker.name }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ - configmaps
+ verbs:
+ - '*'
Review Comment:
@dampcake putting aside the potential for a new issue to be created I would
ask that we merge the RBAC in its current state since it matches the official
documentation. Once the bugs are fixed for K8s 1.25 I will test for the
minimum viable role permissions and make a new PR to apply those via the helm
chart as well as allow for concatenating or overriding the role permissions via
the chart `.Values.rbac` map so people won't get blocked on changes required
for rbac in the future.
If you're good with this let me know and I'll create the issue and it can be
assigned to me.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
