Don't give operator permissions to create CRDs if not needed #2226
Labels
area/helm
Related to the Helm chart
good first issue
Good for newcomers
kind/enhancement
This improves or streamlines existing functionality
Comments
lambdanis
added
kind/enhancement
|
I would like to contribute to this issue, can you guide me on how to get started |
|
@itsCheithanya Thanks! To implement the fix, you'll need to use the Helm if block in the operator ClusterRole. It should be a pretty small change. To test it, first create a local kind cluster: then create a local tetragonOperator:
skipCRDCreation: trueand install Tetragon with using local Helm chart and your values.yaml file: Then, check the operator ClusterRole using kubectl: I hope this gives you a starting point. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Tetragon Operator has an option to skip CRD creation, but even if it's used, the operator ClusterRole still contains permissions to create CRDs. For slightly better security hygiene, these permissions can be included conditionally, only if needed.
The text was updated successfully, but these errors were encountered: