[
https://issues.apache.org/jira/browse/FLINK-27975?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Márton Balassi reassigned FLINK-27975:
--------------------------------------
Assignee: Jeesmon Jacob
> Remove unnecessary RBAC rules from operator
> -------------------------------------------
>
> Key: FLINK-27975
> URL: https://issues.apache.org/jira/browse/FLINK-27975
> Project: Flink
> Issue Type: Improvement
> Components: Kubernetes Operator
> Reporter: Márton Balassi
> Assignee: Jeesmon Jacob
> Priority: Major
> Fix For: kubernetes-operator-1.1.0
>
>
> [~jeesmon] reported the following RBAC rules obsolete:
> {code}
> - apiGroups:
> - flink-operator
> resources:
> - "*"
> verbs:
> - "*"
> {code}
> https://github.com/apache/flink-kubernetes-operator/blob/main/helm/flink-kubernetes-operator/templates/rbac.yaml#L24-L29
> Also * on nodes was flagged in his security review, rightfully. The rule
> seems too permissive in my opinion too. As far as I remember it was needed
> for our services potentially using NodePort (we use ClusterIp by default).
> This should be properly verified and tidied up.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
