Skip to content

Removing cert keys from cm #55

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
salaboy wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Removing cert keys from cm #55

salaboy wants to merge 1 commit into from

Conversation

@salaboy
Copy link
Collaborator

@salaboy salaboy commented Sep 20, 2024

  • removing unneded env variables related to certificates from init container.

@salaboy
removing cert keys from cm
3caaf37 
Signed-off-by: salaboy <Salaboy@gmail.com>
@salaboy
Copy link
Collaborator Author

salaboy commented Sep 23, 2024

@JoshVanL @yaron2 please review and let me know if I can release a new version of the dapr-shared init container and helm chart

@JoshVanL
Copy link

JoshVanL commented Sep 23, 2024

@salaboy we need to update the RBAC permissions as well- we currently can get secrets in all namespaces, as well as read/write ConfigMaps in all namespaces.

@salaboy
Copy link
Collaborator Author

salaboy commented Sep 23, 2024

@JoshVanL that is a good point.. I will check that too

@salaboy
Copy link
Collaborator Author

salaboy commented Sep 24, 2024

@JoshVanL is there any recommended scope that we should use? Should I copy the RBAC from another component?

@JoshVanL
Copy link

JoshVanL commented Sep 24, 2024

@salaboy dapr shared shouldn't need any ClusterRoles at all.

@salaboy
Copy link
Collaborator Author

salaboy commented Sep 24, 2024

@JoshVanL it is still creating the trustAnchors, so I cannot remove that: https://github.com/dapr/dapr-shared/pull/55/files#diff-5d8856ed15898b2dea56cb4fa7df355bef86cefe2e25eef4853b2d23a3b0fedfR77

@salaboy
Copy link
Collaborator Author

salaboy commented Sep 25, 2024

TODO:

  • Create a Job on the dapr-system namespace to do the init container bit for the trust anchors
  • Create a new Service Account that lives in the dapr-system namespace to enable the copy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@salaboy @JoshVanL