
RBAC for Dapr CLI Commands (Kubernetes)

Open oluatte opened this issue 2 years ago • 3 comments

Ask your question here

What roles and permissions are required to run the various Dapr CLI commands? We are trying to automate some of the operations (e.g. cert rotation) and it is very difficult to figure out what permissions are necessary.

  • A k8s service account with namespace admin to the dapr-system namespace cannot perform dapr status -k.
  • A k8s service account with a clusterrolebinding to the dapr-operator-admin role cannot perform dapr status -k.
  • Most of the commands do not have namespace flags that allow scoping the command to a specific namespace.

What rolebindings do we need to allow a service account to run the various commands (list, status, renew certificate, etc.)?

oluatte, Aug 11 '22 16:08

Apologies.

I can confirm that giving a service account dapr-operator-admin allows it to run dapr status -k.

oluatte, Aug 11 '22 20:08

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.

dapr-bot, Sep 10 '22 20:09

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged (pinned, good first issue, help wanted or triaged/resolved) or other activity occurs. Thank you for your contributions.

dapr-bot, Oct 10 '22 20:10

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as pinned, good first issue, help wanted or triaged/resolved. Thank you for your contributions.

dapr-bot, Oct 17 '22 20:10