Bug description
The ServiceBinding controller currently relies on the spec ClusterRole label servicebinding.io/controller: "true" to aggregate non-provisionedservice RBAC to the controller manager. See deployed config here.
This means any system that also aggregates on servicebinding.io/controller: "true" will pick up the internal RBAC for this controller. This also includes write permissions such as create/delete/update.
Expected behavior
That servicebinding.io/controller: "true" is only used for ProvisionedService types and should only contain get/list/watch.
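An added example, not part of the issue or the project's code: a small Python audit that mimics ClusterRole aggregation over constructed ClusterRole objects and reports which aggregating roles inherit verbs beyond get/list/watch through the servicebinding.io/controller: "true" label. All role names, API groups and resources are hypothetical, and only matchLabels selectors are handled.

```python
# Added example: constructed ClusterRoles, not taken from the project's manifests.
READ_ONLY = {"get", "list", "watch"}

CLUSTER_ROLES = [  # constructed sample objects; names and resources are hypothetical
    {"metadata": {"name": "example-controller-internal",
                  "labels": {"servicebinding.io/controller": "true"}},
     "rules": [{"apiGroups": ["apps"], "resources": ["deployments"],
                "verbs": ["get", "list", "watch", "create", "update", "delete"]}]},
    {"metadata": {"name": "example-provisioned-service-reader",
                  "labels": {"servicebinding.io/controller": "true"}},
     "rules": [{"apiGroups": ["example.com"], "resources": ["databases"],
                "verbs": ["get", "list", "watch"]}]},
    {"metadata": {"name": "example-unrelated", "labels": {"app": "other"}},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["delete"]}]},
    {"metadata": {"name": "example-third-party-aggregate"},
     "aggregationRule": {"clusterRoleSelectors": [
         {"matchLabels": {"servicebinding.io/controller": "true"}}]},
     "rules": []},
]


def matches(selector, labels):
    """matchLabels-only selector check (matchExpressions are not handled here)."""
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def aggregate(role, all_roles):
    """Union the rules of every other ClusterRole matched by any selector."""
    selectors = role.get("aggregationRule", {}).get("clusterRoleSelectors", [])
    rules = []
    for other in all_roles:
        if other is role:
            continue
        labels = other["metadata"].get("labels", {})
        if any(matches(s, labels) for s in selectors):
            rules.extend(other.get("rules", []))
    return rules


def write_grants(rules):
    """Return sorted (resource, verb) pairs that go beyond get/list/watch."""
    return sorted({(res, verb) for r in rules for res in r["resources"]
                   for verb in r["verbs"] if verb not in READ_ONLY})


def audit(all_roles):
    """Map each aggregating ClusterRole to the write grants it inherits."""
    return {r["metadata"]["name"]: write_grants(aggregate(r, all_roles))
            for r in all_roles if "aggregationRule" in r}
```

Against a live cluster, the same check can be fed the `items` list from `kubectl get clusterroles -o json` in place of the constructed sample.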