Identify Charts that Need RBAC Enabled

Question

Identify Charts that Need RBAC Enabled

Closed this issue 6 years ago · 3 comments

osterman commented 6 years ago

what

Identify all charts that need RBAC enabled
Create issue in this repo and associate with PCI/Security project

why

PCI/Security compliance

Answer 1 · 2018-09-19T09:23:01.000Z

@osterman may be it would be better to create a single PR with RBAC enabled by default in all charts that support it instead of creating issue for each helmfile.

Answer 2 · 2018-09-19T12:38:55.000Z

@osterman
Or even better solution:
I can parametrize rbac based on global env KOPS_AUTHORIZATION_RBAC_ENABLED.
Something like that:

{{  env "KOPS_AUTHORIZATION_RBAC_ENABLED" | default "false" }}

Answer 3 · 2018-09-19T21:54:06.000Z

That's interesting - I'm not sure the best approach.

Keep in mind we would like most of these to work on EKS, GKE in addition to Kops.

My main concern is to reduce the size of the PR. So if we can do everything in one smallish PR, I'm okay with it.