Question: what is the purpose of rbac role in this chart?
RomanIzvozchikov opened this issue · 2 comments
Hello!
I tried to realise what is the purpose of rbac role in this chart? We need these permissions if Bitwarden pod needs to modify some Kubernetes resources, but I am unsure that Bitwarden pod does this. I didn't find any related information in README.md.
From my perspective these permissions listed in RBAC role are unnecessary.
rules:
- apiGroups: ["extensions", "apps"]
resources: ["deployments"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["create","delete","get","list","patch","update","watch"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get","list","watch"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
Could somebody clarify this?
I guess it was added as a starting point to implement the principle of least privilege, but this should have been tailored and unnecessary permissions were removed.
I guess it was added as a starting point to implement the principle of least privilege, but this should have been tailored and unnecessary permissions were removed.
@0xsanti thank you for the reply!