QUARKUS-1949

Stork / k8s extension is listing all endpoints of a given namespace


      Scenario:  https://github.com/quarkus-qe/quarkus-test-suite/tree/main/service-discovery/stork

      cmd: 

       mvn clean verify -Dall-modules -Dopenshift -pl service-discovery/stork  

      Note: currently OCP tests are disabled

       


      This issue is major and not critical because stork/k8s is in tech-preview
      Extension Ref: 

      io.smallrye.stork:stork-service-discovery-kubernetes

      Currently, an application that uses the Stork + k8s extension requires some extra k8s privileges in a given namespace. This is required in order to do the service discovery.

      kind: ClusterRole
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        namespace: "${NAMESPACE}"
        name: endpoints-reader
      rules:
        - apiGroups: [""] # "" indicates the core API group
          resources: ["endpoints"]
          verbs: ["get", "watch", "list"] 

      By default, an OCP user/service will not have these rights, so it looks weird (and could expose some vulnerabilities) to enable these rights for one specific user.

       

       

              amunozhe Aurea Muñoz Hernandez
              rhn-support-pagonzal Pablo Gonzalez Granados (Inactive)
              Pablo Gonzalez Granados Pablo Gonzalez Granados (Inactive)
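
One way to keep the grant described in the issue narrow, as an added example that is not part of the issue or of the Stork project: a namespaced Role carrying the same rule, bound by a RoleBinding to a dedicated service account. The names `stork-discovery` and `stork-discovery-endpoints-reader` are hypothetical; `${NAMESPACE}` is the placeholder used in the issue's manifest. A ClusterRole is cluster-scoped, so the `namespace` field in its metadata has no effect, and the binding is what limits where the rule applies.

```yaml
# Added example, not from the issue. "stork-discovery" is a hypothetical
# account name; ${NAMESPACE} is the placeholder the issue's manifest uses.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: stork-discovery
  namespace: "${NAMESPACE}"
---
# Role (not ClusterRole) is namespaced, so metadata.namespace is honoured here.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: endpoints-reader
  namespace: "${NAMESPACE}"
rules:
  - apiGroups: [""] # "" indicates the core API group
    resources: ["endpoints"]
    verbs: ["get", "watch", "list"] # same verbs as in the issue
---
# RoleBinding grants the Role only inside ${NAMESPACE} and only to this account.
# A ClusterRoleBinding would instead grant it in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: stork-discovery-endpoints-reader
  namespace: "${NAMESPACE}"
subjects:
  - kind: ServiceAccount
    name: stork-discovery
    namespace: "${NAMESPACE}"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: endpoints-reader
```

The application pod picks up the grant by setting `serviceAccountName: stork-discovery` in its pod spec.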