Skip to content

Kubernetes Deployment Readme Suggests Too Broad Permissions #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
davidz627 opened this issue Jun 13, 2018 · 2 comments
Closed

Kubernetes Deployment Readme Suggests Too Broad Permissions #3

davidz627 opened this issue Jun 13, 2018 · 2 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.
Milestone
Beta

Comments

@davidz627
Copy link
Contributor

Originally tried "compute-admin" and "compute-storage-admin" scopes but they seemed to not contain enough permissions for attach.

This is a tracking bug to revisit tightening the scopes required to deploy. If "Attach" is not currently supported in the "compute-admin" scope a bug should be opened against GCE Permissions because it definitely should be.
@davidz627 davidz627 mentioned this issue Jun 13, 2018
Merged
@davidz627
Copy link
Contributor Author

Fixed with #8

@davidz627 davidz627 reopened this Jun 19, 2018
@davidz627
Copy link
Contributor Author

compute permissions still break, don't allow disk.create or disk.get even. Tried:
roles/compute.instanceAdmin.v1
roles/compute.admin
roles/compute.storageAdmin

Still using roles/owner for now for it to work. Filed a bug against GCE IAM, waiting for response

@davidz627 davidz627 added this to the Beta milestone Jun 19, 2018
@davidz627 davidz627 mentioned this issue Jun 21, 2018
Merged
@davidz627 davidz627 added the kind/bug Categorizes issue or PR as related to a bug. label Jun 21, 2018
@hantaowang hantaowang mentioned this issue Jul 8, 2019
Open
k8s-ci-robot pushed a commit that referenced this issue Aug 12, 2020
@nikhilkathare
Merge pull request #3 from nikhilkathare/master
cb15d04 
Pull changes from master HEAD to shared-pd branch
@judemars judemars mentioned this issue Nov 17, 2022
Closed
mattcary pushed a commit that referenced this issue Feb 13, 2025
@sjswerdlow
Multiwriter Test Update (#3)
615b44f 
* Changes update the tests to use two contexts, one for multiwriter and one for the existing tests. This was deemed necessary as only some disks can support multi-writer, and only some VM shapes can support said disks.
mattcary pushed a commit to mattcary/gcp-compute-persistent-disk-csi-driver that referenced this issue Feb 13, 2025
@sjswerdlow @mattcary
Multiwriter Test Update (kubernetes-sigs#3)
879546a 
* Changes update the tests to use two contexts, one for multiwriter and one for the existing tests. This was deemed necessary as only some disks can support multi-writer, and only some VM shapes can support said disks.
tonyzhc pushed a commit to tonyzhc/gcp-compute-persistent-disk-csi-driver that referenced this issue Feb 26, 2025
@sjswerdlow @tonyzhc
Multiwriter Test Update (kubernetes-sigs#3)
7890527 
* Changes update the tests to use two contexts, one for multiwriter and one for the existing tests. This was deemed necessary as only some disks can support multi-writer, and only some VM shapes can support said disks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
Beta
Development

No branches or pull requests
1 participant
@davidz627