Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
Description
Currently we run with cluster-admin privileges. That is really broad. Kubernetes has more limited roles called system:kube-scheduler and system:volume-scheduler. Those roles are assigned to the default scheduler.
These roles will not fit for us as we do a little more than the default scheduler when it comes down to placeholder pods.
We need to assess if we can drop as many privileges as possible and not run with cluster admin role.
Attachments
Issue Links
- relates to
-
YUNIKORN-995 Use v1 for ClusterRoleBinding rbac.authorization.k8s.io instead of v1beta1
- Closed
- links to