Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1713

Reduce Permissions granted for prometheus-k8s service account

XMLWordPrintable

    • False
    • False
    • NEW
    • VERIFIED
    • With this change, the permissions granted to the prometheus service account are reduced from a cluster scoped role and binding to one that is specifically granted to the openshift-logging namespace
    • Logging (Core) - Sprint 214, Logging (Core) - Sprint 216, Logging (Core) - Sprint 218, Logging (Core) - Sprint 219, Logging (Core) - Sprint 220

      Description of problem:

      The Prometheus-k8s service account is granted more privileges because of the cluster logging cluster-role-binding.

      Version-Release number of selected component (if applicable):

      How reproducible:
      100%

      Steps to Reproduce:
      1. Install ClusterLogging using OLM.
      2.
      3.

      Actual results:
      CRB that grants access to the prometheus-k8s service account to all namespaces

      Expected results:
      Only grant access to the cluster logging namespaces

      Additional info:

              jcantril@redhat.com Jeffrey Cantrill
              jcantril@redhat.com Jeffrey Cantrill
              Qiaoling Tang Qiaoling Tang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: