Why does Kasten require cluster-scoped read operations on Secrets?

29 views Asked by At

We have installed Kasten backup solution on our kubernetes cluster and I noticed that the clusterRole "kube10-admin" has the access on all resources with all verbs (*).

As a central Kubernetes management team in an organization, we would like to give restricted access for Secrets, and just wanted to get an idea around what's the use-case which the operator is supporting.

Why does it need cluster wide access to secrets? Couldn't it just have roles with access to the specific namespaces that it does the backup for?

0

There are 0 answers