From ff5c06f81408a48bc98edc3fa888181a6b494af2 Mon Sep 17 00:00:00 2001
From: Aaron Crickenberger
Date: Mon, 29 Jun 2020 15:27:59 -0700
Subject: [PATCH] Allow namespace-use-role access to secrets

Putting this up to ask the question: why are cluster admins the only people allowed to create secrets? I personally would rather delegate control of a namespace's resource, including its secrets, to the rbac group.
---
 infra/gcp/namespaces/namespace-user-role.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/infra/gcp/namespaces/namespace-user-role.yml b/infra/gcp/namespaces/namespace-user-role.yml
index a6f1b36ee6a..46ac5bdbcff 100644
--- a/infra/gcp/namespaces/namespace-user-role.yml
+++ b/infra/gcp/namespaces/namespace-user-role.yml
@@ -40,7 +40,7 @@ rules:
 verbs: ["get", "list"]
 - apiGroups: [""]
 resources: ["secrets"]
- verbs: ["list"]
+ verbs: ["*"]
 - apiGroups: ["storage.k8s.io"]
 resources: ["storageclasses"]
 verbs: ["list"]
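Review bot: `verbs: ["*"]` on `secrets` grants more than the delegation the description asks for: the wildcard includes `deletecollection` and any verb added later, and it applies to every Secret in the namespace, including ones placed there by cluster admins or controllers. An explicit list such as `verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]` makes the grant visible in review and keeps it from widening silently. The removed `list` already returned Secret data in its responses, so the real change here is write access; a comment above the rule such as `# namespace users manage their own secrets; read verbs expose secret values` would record that this is intended. If any service account in these namespaces holds wider permissions than the RBAC group, write access to Secrets probably lets group members obtain its token, which is worth confirming before merge. The `rules:` list begins and ends outside the hunk, so the other grants in this role were not reviewed.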