Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a custom service account for apicurio registry. #164

Open
jhughes24816 opened this issue Feb 22, 2022 · 0 comments
Open

Add a custom service account for apicurio registry. #164

jhughes24816 opened this issue Feb 22, 2022 · 0 comments
Assignees
@jsenko
Labels
Enhancement New feature or request

Comments

@jhughes24816
Copy link
Contributor

jhughes24816 commented Feb 22, 2022
edited
Loading

Pods should refer to a ServiceAccount other than "default" at spec.serviceAccountName. The default ServiceAccount grants many permissions that likely are not needed by the Pod and may not match the required needs of the workload. The "default" may have higher or lower permissions than what is required and can also change over time, impacting the operations of the workload.

Proposed solution: the operator builds a service account with the same name as the registry instance and sets it up with the correct initial permissions.
@EricWittmann EricWittmann added the Enhancement New feature or request label Mar 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jsenko jsenko

Labels
Enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jsenko @EricWittmann @jhughes24816