Skip to content

[Feature] Restrict Pod create and /exec permissions #30

Description

@chipzoller

Problem Statement

RBAC permissions are still unnecessarily wide today in that pods and pod/exec are granted too broadly. This isn't necessary as the only Pod which needs to be created and exec'd into is the datamover Pod.

Solution Description

Reduce RBAC permissions for Pod creation and /exec subresource to only the datamover Pod.

Alternatives

No response

Additional Context

No response

Troubleshooting

  • I have searched other issues in this repository and mine is not recorded.

Metadata

Metadata

Assignees

Labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions