Reduce privileges of lagoon-logging serviceaccount

Currently the `lagoon-logging` serviceaccount uses the overly broad `view` [default clusterrole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#user-facing-roles).

This should be reduced to only provide permissions on `namespaces` and `pods` similar to [this example](https://github.com/fluent/fluentd-kubernetes-daemonset/blob/f76233a11cbc628ab78b81860338ec3d48ffb36a/fluentd-daemonset-elasticsearch-rbac.yaml#L8-L22)

Once we figure out which permissions are required, we should also probably send a PR [upstream](https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter) to document this.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Reduce privileges of lagoon-logging serviceaccount #632

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Reduce privileges of lagoon-logging serviceaccount #632

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions