Suggesting more restrictive k8s RBAC and PSP #662
Labels
enhancement
New feature or request
help wanted
Extra attention is needed
pinned
priority-low
question
Further information is requested
Milestone
Describe the bug:
I think that RBAC and PSP applied to logging-operator, fluent-bit and fluentd are too permissive.
Proposal:
I propose following RBAC and PSP to restrict as much as possible permissions to components, without jeopardizing or influencing normal functionalities:
operator RBAC + PSP:
fluent-bit RBAC + PSP:
fluentd RBAC + PSP:
logging usage example:
Environment details:
Above proposal were tested on an environment with following details:
Looking forward your feedback!!
/kind bug
The text was updated successfully, but these errors were encountered: