Hello everyone, I want to know why does Flyte need...
# flyte-supporti
icy-breakfast-53872
02/20/2025, 4:43 AMHello everyone, I want to know why does Flyte need permission to access all the api groups in cluster as defined over here, is there a specific reason? as according to me Flyte should not need access to all the api groups in cluster
f
freezing-airport-6809
02/20/2025, 5:36 AM
You can provide an update
freezing-airport-6809
02/20/2025, 5:36 AM
This is the default yes
i
icy-breakfast-53872
02/20/2025, 9:46 AMhow can I provide the update? because it is not exposed in values file
a
average-finland-92144
02/20/2025, 4:22 PM@icy-breakfast-53872 right, it's very wide as a ClusterRole and not configurable atm.
My hunch is that this is not needed, you can see how the `flyte-binary`chart has a reduced scope.
From the description I thought it had to do with access to plugin's CRDs but that doesn't seem to be the case.
Removing it confidently would require thorough testing. Would you be open to collaborate/contribute to improve this?
i
icy-breakfast-53872
02/21/2025, 10:07 AMCan we hoist the rules from the template into the values file, so that user can configure whatever they need?
a
average-finland-92144
02/21/2025, 12:44 PMwell adding that block of rules to the values would make it even longer. We could create an optional map that can be merged with the cluster role definition that is set by default in the template. In that way, it works out of the box but if you need to adjust permissions you could do it.
Similar to how flyte-binary does it