Add support for enabling/disabling the replication of object types #335
Conversation
Signed-off-by: Aljoscha Poertner <[email protected]>
Signed-off-by: Aljoscha Poertner <[email protected]>
Signed-off-by: Aljoscha Poertner <[email protected]>
|
@martin-helmich For now, I added the flags as examples to the args in the helm values. I could also introduce separate values and toggle also the RBAC (as you wrote in the issue). Should I do that or leave it like this? 😊 |
There was a problem hiding this comment.
Hey @aljoshare! Thanks for the contribution! 👍
I could also introduce separate values and toggle also the RBAC (as you wrote in the issue). Should I do that or leave it like this? 😊
I think for a least-privilege implementation, it would absolutely make sense to also tailor the RBAC roles on the desired replication targets. We can leave this PR as-is, and add that in a follow-up PR (in which case I'd be happy merging this), or adjust this PR -- whatever you prefer. 🙂
Signed-off-by: Aljoscha Poertner <[email protected]>
|
@martin-helmich I added a separate config for the toggles, added them directly to the deployment and refactored the RBAC a little to make it more readable with flow control. There is one thing which is maybe not backward compatible: If someone copied the |
|
@martin-helmich Ping 😇 |
I'm not sure if this is actually breaking; IIRC, |
No problem 😊 Thank you! |
This PR adds the support for enabling or disabling the replication of object types and strengthens the principle of least privilege. For example, you can now disable the replication of roles, role bindings or service accounts if thats not needed for your use case.
Fixes #284