[
https://issues.apache.org/jira/browse/FLINK-33633?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17789176#comment-17789176
]
Gyula Fora commented on FLINK-33633:
------------------------------------
I am not completely sure about this feature. It's generally an anti pattern for
operators to do such actions. Operators should run with minimal permissions and
in most prod envs admins do not want the Flink operator to have access to
creating services accounts, roles and role bindings
> Automatic creation of RBAC for instances of Flink Deployments
> -------------------------------------------------------------
>
> Key: FLINK-33633
> URL: https://issues.apache.org/jira/browse/FLINK-33633
> Project: Flink
> Issue Type: Improvement
> Components: Kubernetes Operator
> Affects Versions: kubernetes-operator-1.7.0
> Reporter: Tony Garrard
> Priority: Not a Priority
>
> Currently users have to manually create RBAC e.g. the flink service account.
> When operator is watching all namespaces; creation of a FlinkDeployment in a
> specific namespace may fail if the kube admin has failed to create the
> required RBAC. To improve usability the operator could be coded to
> automatically create these rbac resources in the instance namespace if not
> present
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
