Audit operator's RBAC

The operator currently has a broad set of RBAC grants:
https://github.com/projectcontour/contour-operator/blob/main/internal/operator/operator.go#L55-L74

These are a combination of:
- permissions the Operator needs in order to create/update/delete Contour itself (e.g. CRUD on deployments, daemonsets, jobs, etc.)
- transitive permissions the Operator needs in order to create Contour's ClusterRole (e.g. get/list/watch endpoints, services, etc)

It'd be nice to:
- Organize the kubebuilder RBAC comments based on the above two categories. This should make maintenance easier, particularly keeping the second category in sync with upstream Contour's ClusterRole / the golang definitions at https://github.com/projectcontour/contour-operator/blob/main/internal/objects/clusterrole/cluster_role.go#L64
- Audit the permissions in the first category, to ensure we're only granting what's needed.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Audit operator's RBAC #486

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Audit operator's RBAC #486

Description

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions