Marcin Ciszak
Part of #10. List `unused` ClusterRoles, ClusterRoleBindings, Roles, RoleBindings.
Part of #10. `multi-binding` - Show all roles for given subject and highlight those with multiple bindings for the same role.
Part of #10. `risky-roles` - List Roles/ClusterRoles for Subject (user, group or service account) with a SCOPE (Cluster-Wide/NS)
Part of #10. `risky-subjects` - Identify risky Subjects (Users, Groups and ServiceAccounts)
Part of #10. `roles` - List Roles/ClusterRoles for Subject (user, group or service account) with a SCOPE (Cluster-Wide/NS). Alternatively split command into `users/serviceaccounts/groups`?
Part of #10. `permissions` - List Rules (compiled permissions) for given Subject (user, group, sa) in scanned Kubernetes cluster - scoped by Cluster-Wide/NS?
### What problem are you facing? In a configuration package containing several XRDs and compositions I often come across composite resources which require infrastructure knowledge such as (externally created) VPC...
It looks like reconciliation strips valid configuration from the environment override file before applying it to the base configuration. For example, it's currently impossible to override a docker `image` name...
Consider Dockerfile UID/GID extraction for automated workloads pod security policy configuration, or when not possible, default to `nobody` UID/GID with relevant message to the user with suggestions. These could be...
Currently `skaffold dev` doesn't tail logs or port-forward services that aren't built by skaffold. See relevant issue: https://github.com/GoogleContainerTools/skaffold/issues/5067 An alternative solution would be to explicitly inject (and reconcile) `portForward` config section...