k8s icon indicating copy to clipboard operation
k8s copied to clipboard
verified publisher icon portainer

Restricting ClusterRoleBinding in Portainer Helm Chart

Open emagiz opened this issue 1 year ago • 2 comments

It seems that the ClusterRoleBinding to the admin ClusterRole is necessary for Portainer to function fully in Kubernetes, particularly for deployments beyond Edge compute features. This enables the option to disable RBAC when full Kubernetes cluster management is not needed.

The current Portainer Helm chart does not provide an option to disable the RBAC-related templates, including ClusterRoleBinding creation, via the values file. This lack of configurability prevents us from aligning with our security requirements.

A proposed solution would be to include a flag in the values file like: enableRBAC: true/false and create the RBAC template accordingly

emagiz avatar Oct 02 '24 13:10 emagiz

A PR is created with the proposed changes: https://github.com/portainer/k8s/pull/151

emagiz avatar Oct 02 '24 14:10 emagiz

fixed by #151

mwoudstra avatar Nov 08 '24 10:11 mwoudstra