Uploaded image for project: 'Observability and Data Analysis Program'
  1. Observability and Data Analysis Program
  2. OBSDA-1197

RFE - add a feature flag for the creation for the ClusterRoleBindings to make them optional

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Unresolved
    • Icon: Normal Normal
    • None
    • None
    • PM Monitoring
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • 0
    • 0% To Do, 0% In Progress, 100% Done

      Proposed title of this feature request

      As of now the Cluster Observability Operator is creating a ClusterRoleBinding for the ServiceAccounts for Prometheus and Alertmanager, which gives the ServiceAccount the possibility to get,list,watch on services, endpoints, pods and ingresses for the whole cluster. As a service provider it's giving the end user the possibility to get all data for the given resources from the whole cluster what should be prevented in a multi-tenant environment. There should be a way to make it optional that the ClusterRoleBinding is getting created.

      What is the nature and description of the request?

      Increase security and protect customer data getting accessed from other customers.

      Why does the customer need this? (List the business requirements)

      Increasing security and data protection

      List any affected packages or components.

      Cluster Observability Operator 1.2

              rh-ee-rfloren Roger Florén
              rhn-support-anowak Andreas Nowak
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated: