Add RBAC to make kubearchive route discoverable #9575
Conversation
Signed-off-by: Marta Anon <[email protected]>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: maruiz93 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
🤖 Gemini AI Assistant AvailableHi @maruiz93! I'm here to help with your pull request. You can interact with me using the following commands: Available Commands
How to Use
PermissionsOnly OWNER, MEMBER, or COLLABORATOR users can trigger my responses. This ensures secure and appropriate usage. This message was automatically added to help you get started with the Gemini AI assistant. Feel free to delete this comment if you don't need assistance. |
|
🤖 Hi @maruiz93, I've received your request, and I'm working on it now! You can track my progress in the logs for more details. |
| kind: RoleBinding | ||
| apiVersion: rbac.authorization.k8s.io/v1 | ||
| metadata: | ||
| name: authenticated-route-access |
There was a problem hiding this comment.
I would call it kubearchive-route-reader to match the role.
gbenhaim
left a comment
gbenhaim
left a comment
There was a problem hiding this comment.
Routes can contain sensitive information such as TLS key. I understand that this isn't the case for Kubearchive today, but I general I don't think we should allow any route configuration to be visible to any authenticated user.
3 participants
The KubeArchive CLI has recently introduced a feature that allows automatic configuration by trying to discover, among other things, an Openshift Route to access the KubeArchive API.
For this to work, the users should have access to the
Routesin theproduct-kubearchivenamespace.This PR provides RBAC permissions to every authenticated user in the cluster.