Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The NKG controller should run with least privileges #545

Closed
ja20222 opened this issue Apr 5, 2023 · 0 comments · Fixed by #1004
Closed

The NKG controller should run with least privileges #545

ja20222 opened this issue Apr 5, 2023 · 0 comments · Fixed by #1004
Assignees
@sjberman
Labels
area/security For security best practices refined Requirements are refined and the issue is ready to be implemented. size/small Estimated to be completed within ~2 days
Milestone
v1.0.0

Comments

@ja20222
Copy link

ja20222 commented Apr 5, 2023
edited by mpstefan
Loading

As a potential user of NKG that wants to run NKG on a permission restricted cluster
I want the NKG controller to run with the least privileges it needs to operate
So that I can run NKG in my permission restricted cluster.

Acceptance

  • Ensure that the privileges on the pod are restricted to only what is necessary
  • Ensure that RBAC permissions for the service account associated with NKG pods are restricted to only what is necessary.
@ja20222 ja20222 added the bug Something isn't working label Apr 5, 2023
@mpstefan mpstefan added this to the v1.0.0 milestone Jul 13, 2023
@mpstefan mpstefan added area/security For security best practices and removed bug Something isn't working labels Jul 13, 2023
@mpstefan mpstefan modified the milestones: v1.0.0, v1.0.1 Aug 11, 2023
@mpstefan mpstefan added refined Requirements are refined and the issue is ready to be implemented. size/small Estimated to be completed within ~2 days labels Aug 21, 2023
@sjberman sjberman self-assigned this Aug 28, 2023
@sjberman sjberman mentioned this issue Aug 28, 2023
Merged
6 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sjberman sjberman

Labels
area/security For security best practices refined Requirements are refined and the issue is ready to be implemented. size/small Estimated to be completed within ~2 days
Projects
NGINX Gateway Fabric
Archived in project
Milestone
v1.0.0
Development

Successfully merging a pull request may close this issue.

Ensure NKG has least privileges sjberman/nginx-gateway-fabric
3 participants
@mpstefan @sjberman @ja20222