Kube-state-metrics: Review permissions we set out of the box

Created on 22 Mar 2021  路  3Comments  路  Source: kubernetes/kube-state-metrics

Currently, in our example manifests we set some permissions in the cluster-role, we seemed to have had an old API in there. It would be good to look through all the permissions we suggest and remove any we do not need.

The stretch goal for this would be to possibly add some automation for this based on the APIs we use in our resources here -> https://github.com/kubernetes/kube-state-metrics/tree/master/internal/store

help wanted kinfeature lifecyclstale

Most helpful comment

For CI, we could look into including https://github.com/open-policy-agent/conftest into CI and use this rule set: https://github.com/swade1987/deprek8ion

All 3 comments

For CI, we could look into including https://github.com/open-policy-agent/conftest into CI and use this rule set: https://github.com/swade1987/deprek8ion

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

Instead of reverse-engineering permission checks, I wonder if it would make sense to have something like ksmtool which is going to run through all of the stores and generate the necessary permissions.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

mikekap picture mikekap  路  8Comments

raja-gola picture raja-gola  路  6Comments

mrueg picture mrueg  路  3Comments

jackzampolin picture jackzampolin  路  8Comments

dopey picture dopey  路  5Comments