Anubhav Jindal created IMPALA-15049:
---------------------------------------
Summary: Harden Impala Kubernetes operator RBAC permissions
Key: IMPALA-15049
URL: https://issues.apache.org/jira/browse/IMPALA-15049
Project: IMPALA
Issue Type: Task
Reporter: Anubhav Jindal
Assignee: Anubhav Jindal
* {*}Background{*}:
** Current operator deployment uses broad privileges to simplify bootstrap,
but this is too permissive for production environments.
* {*}Proposal{*}:
** Replace broad {{cluster-admin}} style access with least-privilege RBAC.
** Scope permissions to required API groups/resources used by Helm/operator
reconcile.
** Document any optional permissions needed for optional components.
* *Test* *Plan*:
** Deploy operator with tightened RBAC on a clean cluster.
** Reconcile core, LDAP, Kudu, and Ranger-enabled CRs.
** Verify create/update/delete workflows and status updates still work.
* *Risks/Notes*:
** Under-scoping can cause partial reconcile failures.
** Needs careful audit of all resources created by chart + operator.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
