Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

solution #29

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

solution #29

wants to merge 1 commit into from

Conversation

nmakivchuk
Copy link

No description provided.

mateacademy-ai-mentor
mateacademy-ai-mentor approved these changes Dec 10, 2024
View reviewed changes
Copy link

@mateacademy-ai-mentor mateacademy-ai-mentor left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great job on meeting the core requirements of the task! 🎉 The RBAC configuration is mostly correct, with the necessary ServiceAccount, Role, and RoleBinding definitions in place. Just a few minor tweaks are needed: ensure the apiGroup for ServiceAccount subjects is empty, and double-check if pods should be included in the resources. Also, consider whether the commented-out ingress line in bootstrap.sh is intentional. Keep up the good work! 😊

✨ Please rate this review in the Platform's notification center. I will be grateful for your feedback! ✨

.infrastructure/security/rbac.yml
Comment on lines +26 to +27
name: secrets-reader # name of the user, group or service account.
apiGroup: rbac.authorization.k8s.io # this is always "rbac.authorization.k8s.io".
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The apiGroup for the subjects section should be empty ("") for ServiceAccount subjects, as they belong to the core API group. The current value rbac.authorization.k8s.io is incorrect.

.infrastructure/security/rbac.yml
name: secrets-lister-role # This is the name of the role
rules:
- apiGroups: [""] # "" indicates the core API group, which includes all core APIs
resources: ["pods", "secrets"] # Indicates the resources that the role can access, in this case, pods
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The resources field includes pods, which might not be necessary if the intention is only to list and get secrets. Ensure that pods is intentionally included here.

bootstrap.sh
@@ -14,7 +14,7 @@ kubectl apply -f .infrastructure/app/clusterIp.yml
kubectl apply -f .infrastructure/app/nodeport.yml
kubectl apply -f .infrastructure/app/hpa.yml
kubectl apply -f .infrastructure/app/deployment.yml

kubectl apply -f .infrastructure/security/rbac.yml
# Install Ingress Controller
kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml
# kubectl apply -f .infrastructure/ingress/ingress.yml
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The line for applying the ingress configuration is commented out. If the ingress is needed for your application, ensure to uncomment this line. Otherwise, if it's intentional, you can leave it as is.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mateacademy-ai-mentor mateacademy-ai-mentor mateacademy-ai-mentor approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nmakivchuk @mateacademy-ai-mentor