update components-permission docs #728
Conversation
karmada-bot
added
the
kind/feature
karmada-bot
added
the
size/XS
Signed-off-by: zhzhuang-zju <[email protected]>
|
New changes are detected. LGTM label has been removed. |
karmada-bot
added
size/L
|
cc @RainbowMango I have revised the content and layout of the component-permission |
Signed-off-by: zhzhuang-zju <[email protected]>
|
|
||
| # Permissions for Karmada Components | ||
|
|
||
| This document provides a detailed explanation of the Role-Based Access Control (RBAC) permissions required for key components of Karmada. It aims to ensure secure management and compliant access to resources within the system. As a multi-cluster management framework, controlling permissions between Karmada components is essential for maintaining the security and stability of the entire system. This guide will help administrators understand and configure the RBAC permissions needed for Karmada components effectively. |
There was a problem hiding this comment.
This document provides a detailed explanation of the Role-Based Access Control (RBAC) permissions required for key components of Karmada.
Currently the doc only includes karmada-operator and karmada-agent, will other components be included in the future?
There was a problem hiding this comment.
yes, Once the permissions for the other components have been sorted out, they will also be added to this document
|
|
||
| For more detailed information about RBAC permissions, please refer to the [official RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/). | ||
|
|
||
| *Note: The resources in this document are all Karmada control plane resources.* |
There was a problem hiding this comment.
Is that true?
For instance, the leases required by karmada-operator is Kubernetes instead of the Karmada control plane.
There was a problem hiding this comment.
Great catch! This note should be placed in the "karmada-agent" section.
|
|
||
| | Resource | API Group | Resource Names | Verbs | Description | | ||
| | --------------- | ------------------- | -------------- | --------------------------- | ------------------------------------------------------------ | | ||
| | leases | coordination.k8s.io | / | get, create, update | Required for leader election | |
There was a problem hiding this comment.
What does the / mean? mean all or NA?
There was a problem hiding this comment.
it means all. Should I change / to all?
There was a problem hiding this comment.
* would be better
Signed-off-by: zhzhuang-zju <[email protected]>
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
What this PR does / why we need it:
Further reduce the permissions of karmada-agent
Which issue(s) this PR fixes:
Fixes #
Special notes for your reviewer: