defenseunicorns/pepr

Make ClusterRole, Webhook bindings restricted to current module

Closed this issue · 0 comments

Currently, Pepr doesn't limit the ClusterRole or Webhook bindings to the current module. These should be limited if possible to not over-privilege the controller service account. We also need to evaluate how the webhook bindings work.

Screenshot 2023-04-17 at 1 44 50 AM

Screenshot 2023-04-17 at 1 44 37 AM