You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by GitBox <gi...@apache.org> on 2022/07/01 05:15:58 UTC
[GitHub] [flink-kubernetes-operator] morhidi commented on a diff in pull request #288: [FLINK-27975] Remove unnecessary RBAC rules from operator
morhidi commented on code in PR #288:
URL: https://github.com/apache/flink-kubernetes-operator/pull/288#discussion_r911620631
##########
helm/flink-kubernetes-operator/templates/rbac.yaml:
##########
@@ -21,23 +21,14 @@ RBAC rules used to create the operator (cluster)role based on the scope
*/}}
{{- define "flink-operator.rbacRules" }}
rules:
- - apiGroups:
- - flink-operator
- resources:
- - "*"
- verbs:
- - "*"
- apiGroups:
- ""
resources:
- pods
- services
- - endpoints
Review Comment:
Not sure about the endpoints, we create quite a bunch:
```
(minikube:default) ➜ flink-kubernetes-operator git:(FLINK-28228) k get endpoints
NAME ENDPOINTS AGE
basic-checkpoint-ha-example-rest 172.17.0.9:8081 8s
basic-ingress 172.17.0.7:6124,172.17.0.7:6123 16s
basic-ingress-rest 172.17.0.7:8081 16s
flink-operator-webhook-service 172.17.0.6:9443 3m36s
```
Does the service permissions include this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscribe@flink.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org