Permissions given to the add-on components are too broad #612

Closed
t0rr3sp3dr0 opened this issue Feb 24, 2023 · 0 comments · Fixed by #613 or kedacore/charts#398
Labels
bug Something isn't working

Comments

@t0rr3sp3dr0
Contributor

Report

Part of #611. The current role of the HTTP Add-On is too powerful and gives read-write access to a lot of different resources in all namespaces. This same role is given to all components of the add-on even though this is not necessary.

Expected Behavior

  • K8s permissions given to the add-on should be on an as-needed basis.
  • The permissions should be scoped based on each component's needs.

Actual Behavior

  • Permissions give cluster-wide read-write access to resources like ConfigMaps, Deployments, Endpoints, Pods, and Services.
  • All add-on components share the same ServiceAccount, thus the same permission set.

Steps to Reproduce the Problem

N/A

Logs from KEDA HTTP operator

N/A

What version of the KEDA HTTP Add-on are you running?

0.4.0

Kubernetes Version

1.24

Platform

Microsoft Azure

Anything else?

No response
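
An added example, not part of the original issue or the project's code: a small audit that flags the two conditions reported above, a ClusterRole bound cluster-wide with write verbs on the listed resources, and one ServiceAccount shared by several workloads. All object names (`example-addon-role`, `component-a`, and so on) are constructed placeholders, not the add-on's real manifests.

```python
from collections import defaultdict

WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}
RESOURCES = {"configmaps", "deployments", "endpoints", "pods", "services"}  # named in the issue

def cluster_wide_writes(objects):
    """ClusterRole name -> listed resources it can modify in every namespace."""
    # Only a ClusterRoleBinding makes a ClusterRole apply to all namespaces.
    bound = {o["roleRef"]["name"] for o in objects
             if o["kind"] == "ClusterRoleBinding" and o["roleRef"]["kind"] == "ClusterRole"}
    findings = {}
    for o in objects:
        if o["kind"] != "ClusterRole" or o["metadata"]["name"] not in bound:
            continue
        hit = set()
        for rule in o.get("rules", []):
            if WRITE_VERBS & set(rule.get("verbs", [])):
                res = set(rule.get("resources", []))
                hit |= RESOURCES if "*" in res else res & RESOURCES
        if hit:
            findings[o["metadata"]["name"]] = sorted(hit)
    return findings

def shared_service_accounts(objects):
    """namespace/ServiceAccount -> Deployments running as it, when more than one does."""
    users = defaultdict(list)
    for o in objects:
        if o["kind"] == "Deployment":
            ns = o["metadata"].get("namespace", "default")
            sa = o["spec"]["template"]["spec"].get("serviceAccountName", "default")
            users[f"{ns}/{sa}"].append(o["metadata"]["name"])
    return {k: sorted(v) for k, v in users.items() if len(v) > 1}

def _deploy(name, sa):  # builds a constructed Deployment for the sample below
    return {"kind": "Deployment", "metadata": {"name": name, "namespace": "example"},
            "spec": {"template": {"spec": {"serviceAccountName": sa}}}}

RW = ["get", "list", "watch", "create", "update", "patch", "delete"]
SAMPLE = [  # constructed objects for illustration only
    {"kind": "ClusterRole", "metadata": {"name": "example-addon-role"}, "rules": [
        {"apiGroups": [""], "resources": ["configmaps", "endpoints", "pods", "services"], "verbs": RW},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": RW}]},
    {"kind": "ClusterRole", "metadata": {"name": "example-read-only"}, "rules": [
        {"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}]},
    *({"kind": "ClusterRoleBinding", "roleRef": {"kind": "ClusterRole", "name": r}}
      for r in ("example-addon-role", "example-read-only")),
    _deploy("component-a", "example-addon"), _deploy("component-b", "example-addon"),
    _deploy("component-c", "example-other"),
]
```

On `SAMPLE`, `cluster_wide_writes` reports only `example-addon-role`, and `shared_service_accounts` reports `example/example-addon` as used by `component-a` and `component-b`.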
