Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(operator): use rbac rules conditionally using flag #1940

Merged
merged 2 commits into from
Jan 17, 2025
Merged

fix(operator): use rbac rules conditionally using flag #1940

merged 2 commits into from
Jan 17, 2025

Conversation

rksharma95
Copy link
Collaborator

@rksharma95 rksharma95 commented Jan 15, 2025
edited
Loading

Purpose of PR?:

kubearmor conditionally annotates resources using flag -annotateResource this PR adds a deployment time flag kubearmorOperator.annotateResource to operator helm chart and use this flag to conditionally assign RBAC permissions to kubearmor and operator serviceaccounts.

additionally use role instead of clusterole to manage kubearmor k8s resources in target namespace with operator.

Fixes #1939

Does this PR introduce a breaking change?
No
If the changes in this PR are manually verified, list down the scenarios covered::

Additional information for reviewer? :

Checklist:

@rksharma95 rksharma95 force-pushed the conditional-rbac-rules branch from d5ffd91 to ac5bb4e Compare January 15, 2025 11:15
@rksharma95 rksharma95 marked this pull request as ready for review January 15, 2025 12:01
daemon1024
daemon1024 previously approved these changes Jan 15, 2025
View reviewed changes
Copy link
Member

@daemon1024 daemon1024 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rest LGTM

deployments/helm/KubeArmorOperator/templates/helpers.tpl Outdated Show resolved Hide resolved
@rksharma95 rksharma95 force-pushed the conditional-rbac-rules branch from ac5bb4e to 2f526ea Compare January 15, 2025 14:52
@rksharma95 rksharma95 requested a review from daemon1024 January 15, 2025 16:48
@rksharma95 rksharma95 force-pushed the conditional-rbac-rules branch from 2f526ea to fd2e653 Compare January 15, 2025 17:08
@rksharma95
use rbac rules conditionally using flag
390357d 
kubearmor conditionally annotates resources using flag -annotateResource
add a deployment time flag to operator helm chart and use this flag to
conditionally assign RBAC permissions to kubearmor and operator serviceaccounts.

additionally use role instead of clusterole to manage kubearmor k8s resources
in target namespace with operator.

Signed-off-by: rksharma95 <ramakant@accuknox.com>
@rksharma95
remove deprecated k8s resource apis
38f7f48 
Signed-off-by: rksharma95 <ramakant@accuknox.com>
@rksharma95 rksharma95 force-pushed the conditional-rbac-rules branch from fd2e653 to 38f7f48 Compare January 16, 2025 07:52
daemon1024
daemon1024 approved these changes Jan 16, 2025
View reviewed changes
Copy link
Member

@daemon1024 daemon1024 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👌🏽

Prateeknandle
Prateeknandle approved these changes Jan 17, 2025
View reviewed changes
Copy link
Collaborator

@Prateeknandle Prateeknandle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@Prateeknandle Prateeknandle merged commit 37f4ec5 into kubearmor:main Jan 17, 2025
19 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Prateeknandle Prateeknandle Prateeknandle approved these changes

@daemon1024 daemon1024 daemon1024 approved these changes

@Aryan-sharma11 Aryan-sharma11 Awaiting requested review from Aryan-sharma11

@rootxrishabh rootxrishabh Awaiting requested review from rootxrishabh

Assignees
No one assigned
Labels
None yet
Projects
Release v1.5
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

conditionally assign some of sensitive RBAC permissions to operator clusterrole
3 participants
@rksharma95 @daemon1024 @Prateeknandle