[ https://issues.apache.org/jira/browse/FLINK-29705?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17701118#comment-17701118 ]
ouyangwulin commented on FLINK-29705:
-------------------------------------

# TaskManager service account: read-only access to ConfigMaps
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    system: taskmanager-serviceaccount
  name: taskmanager-serviceaccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: taskmanager-serviceaccount
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: taskmanager-serviceaccount
subjects:
- kind: ServiceAccount
  name: taskmanager-serviceaccount
roleRef:
  kind: Role
  name: taskmanager-serviceaccount
  apiGroup: rbac.authorization.k8s.io
---
# JobManager service account: manages Pods, ConfigMaps and Deployments
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    system: jobmanager-serviceaccount
  name: jobmanager-serviceaccount
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jobmanager-serviceaccount
rules:
- apiGroups: [""]
  resources: ["pods","configmaps"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: jobmanager-serviceaccount
subjects:
- kind: ServiceAccount
  name: jobmanager-serviceaccount
roleRef:
  kind: Role
  name: jobmanager-serviceaccount
  apiGroup: rbac.authorization.k8s.io

> Document the least access with RBAC setting for native K8s integration
> ----------------------------------------------------------------------
>
> Key: FLINK-29705
> URL: https://issues.apache.org/jira/browse/FLINK-29705
> Project: Flink
> Issue Type: Improvement
> Components: Deployment / Kubernetes, Documentation
> Reporter: Yang Wang
> Assignee: ouyangwulin
> Priority: Major
>
> We should document the least access with RBAC settings[1]. And the operator
> docs could be taken as a reference[2].
>
> [1]. [https://nightlies.apache.org/flink/flink-docs-release-1.15/docs/deployment/resource-providers/native_kubernetes/#rbac]
> [2]. [https://nightlies.apache.org/flink/flink-kubernetes-operator-docs-main/docs/operations/rbac/]

--
This message was sent by Atlassian Jira (v8.20.10#820010)
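
An offline check of what the two Roles in the comment above actually grant, as an added example that is not part of the original message or of Flink. The rule data is transcribed from the comment; the helper names (granted, write_findings) are hypothetical, and the matcher is a simplification of Kubernetes RBAC evaluation.

```python
# Added example: evaluate the Role rules from the comment without a cluster.
# Rule data is transcribed from the comment; helper names are hypothetical.
TASKMANAGER_RULES = [
    {"apiGroups": [""], "resources": ["configmaps"],
     "verbs": ["get", "list", "watch"]},
]
JOBMANAGER_RULES = [
    {"apiGroups": [""], "resources": ["pods", "configmaps"],
     "verbs": ["get", "list", "watch", "create", "update", "patch", "delete"]},
    {"apiGroups": ["apps"], "resources": ["deployments"],
     "verbs": ["get", "list", "create", "update", "patch", "delete"]},
]
READ_ONLY = {"get", "list", "watch"}


def _match(listed, wanted):
    """RBAC list match: '*' matches anything, otherwise exact string match."""
    return "*" in listed or wanted in listed


def granted(rules, verb, group, resource):
    """True if any rule grants verb on group/resource (rules are additive).

    Simplified: a subresource such as 'pods/log' must be listed explicitly;
    'pods/*' patterns, resourceNames and nonResourceURLs are not modelled.
    """
    return any(
        _match(r["verbs"], verb)
        and _match(r["apiGroups"], group)
        and _match(r["resources"], resource)
        for r in rules
    )


def write_findings(rules):
    """Return wildcard fields and every mutating (group, resource, verb)."""
    out = []
    for r in rules:
        out += [("wildcard", f) for f in ("apiGroups", "resources", "verbs")
                if "*" in r[f]]
        out += [("write", g, res, v)
                for g in r["apiGroups"] for res in r["resources"]
                for v in r["verbs"] if v not in READ_ONLY and v != "*"]
    return out


if __name__ == "__main__":
    for name, rules in (("taskmanager", TASKMANAGER_RULES),
                        ("jobmanager", JOBMANAGER_RULES)):
        print(name, write_findings(rules))
```

On a live cluster the same questions can be asked with kubectl auth can-i and --as=system:serviceaccount:<namespace>:<name>; the namespace is not stated in the comment.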