Márton Balassi created FLINK-27975:
--------------------------------------

             Summary: Remove unnecessary RBAC rules from operator
                 Key: FLINK-27975
                 URL: https://issues.apache.org/jira/browse/FLINK-27975
             Project: Flink
          Issue Type: Improvement
          Components: Kubernetes Operator
            Reporter: Márton Balassi
             Fix For: kubernetes-operator-1.1.0


[~jeesmon] reported the following RBAC rules as obsolete:

{code}
  - apiGroups:
      - flink-operator
    resources:
      - "*"
    verbs:
      - "*"
{code}

https://github.com/apache/flink-kubernetes-operator/blob/main/helm/flink-kubernetes-operator/templates/rbac.yaml#L24-L29

Also, * on nodes was flagged in his security review, rightfully. The rule seems
too permissive in my opinion too. As far as I remember, it was needed for our
services potentially using NodePort (we use ClusterIP by default). This should
be properly verified and tidied up.


