Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1713

Reduce Permissions granted for prometheus-k8s service account

    XMLWordPrintable

Details

    • False
    • False
    • NEW
    • VERIFIED
    • With this change, the permissions granted to the prometheus service account are reduced from a cluster scoped role and binding to one that is specifically granted to the openshift-logging namespace
    • Logging (Core) - Sprint 214, Logging (Core) - Sprint 216, Logging (Core) - Sprint 218, Logging (Core) - Sprint 219, Logging (Core) - Sprint 220

    Description

      Description of problem:

      The Prometheus-k8s service account is granted more privileges because of the cluster logging cluster-role-binding.

      Version-Release number of selected component (if applicable):

      How reproducible:
      100%

      Steps to Reproduce:
      1. Install ClusterLogging using OLM.
      2.
      3.

      Actual results:
      CRB that grants access to the prometheus-k8s service account to all namespaces

      Expected results:
      Only grant access to the cluster logging namespaces

      Additional info:

      Attachments

        Activity

          People

            jcantril@redhat.com Jeffrey Cantrill
            jcantril@redhat.com Jeffrey Cantrill
            Qiaoling Tang Qiaoling Tang
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: