kube-consul-register icon indicating copy to clipboard operation
kube-consul-register copied to clipboard

Published 20 hours ago verified publisher icon tczekajlo

True single namespace functionality

Open GoodOldJack12 opened this issue 2 years ago • 3 comments

Updates the API version like #60

This change makes it possible to deploy consul-register in a single namespace without needing cluster-wide permissions. rolebinding.yaml contains the minimal permission set required for this setup. (watch doesn't seem to break all functionality, but the application does produce errors if its not present)

I'm not familiar with Go, so please check if I didn't accidentally break something.

GoodOldJack12 avatar Jul 28 '22 09:07 GoodOldJack12

Why do we need this when we can use ClusterRoleBinding and that works?

shivamnarula avatar May 24 '23 20:05 shivamnarula

Why do we need this when we can use ClusterRoleBinding and that works?

Because then it wouldn't be truly in a single name space. A good use case for this is multi-tenant setups where a tenant might not have cluster wise permissions.

Really, there's no reason to have a cluster role for this functionality.

This would also make this application have an advantage over the official consul solution, which can't be installed in a single namespace

GoodOldJack12 avatar May 24 '23 20:05 GoodOldJack12

Why do we need this when we can use ClusterRoleBinding and that works?

Because then it wouldn't be truly in a single name space. A good use case for this is multi-tenant setups where a tenant might not have cluster wise permissions.

Really, there's no reason to have a cluster role for this functionality.

This would also make this application have an advantage over the official consul solution, which can't be installed in a single namespace

Understood. Thankyou!

shivamnarula avatar May 25 '23 05:05 shivamnarula