[Hawkular-dev] hosa and its own role
John Mazzitelli
mazz at redhat.com
Wed Jan 11 17:16:19 EST 2017
Playing around with OpenShift roles, I found the agent doesn't need the vast majority of permissions the cluster-reader role provides.
So, rather than assign the agent to the cluster-reader role, I instead create a single role for the agent to be given where that role provides only the permissions the agent actually needs to do its job and no others:
https://github.com/hawkular/hawkular-openshift-agent/pull/87/files#diff-e7dc415f5f89921c318c41da6b565347
So far, this looks to be working. Heiko, feel free to try this out. Its part of that use-secrets PR/branch.
More information about the hawkular-dev
mailing list