Skip to content

feat: Improve user facing roles with dedicated roles #1555

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: Improve user facing roles with dedicated roles #1555

wants to merge 1 commit into from
+506 −25

Conversation

@remyj38
Copy link

@remyj38 remyj38 commented Nov 7, 2025

What does this PR do?

Creating two dedicated cluster roles (view and admin) for user facing aggregated roles.

Motivation

User facing aggregated roles were supported since #664 but only aggregating Traefik cluster role to aggregated role.
In my opinion, this is not the right way to implement it as the Traefik cluster role only have view permission to traefik CRDs while admin aggregated role should "allow read/write access to most resources in a namespace".

More

  • Yes, I updated the tests accordingly
  • Yes, I updated the schema accordingly
  • Yes, I ran make test and all the tests passed

@remyj38 remyj38 changed the title feat: Improve user facing roles with specific roles feat: Improve user facing roles with dedicated roles Nov 7, 2025
@remyj38 remyj38 force-pushed the feat/user-facing-roles branch 3 times, most recently from 4650f0c to 7fca278 Compare November 7, 2025 08:19
@remyj38 remyj38 force-pushed the feat/user-facing-roles branch from 7fca278 to 9b90297 Compare November 7, 2025 08:19
@mloiseleur mloiseleur added kind/proposal a proposal that needs to be discussed. kind/enhancement New feature or request labels Nov 10, 2025
@mloiseleur
Copy link
Member

mloiseleur commented Nov 10, 2025

Hello @remyj38 ,

Thank you for your interest.
For the use case, we’re unsure about this need and the traction it will receive. We are going to leave the status as kind/proposal to give the community time to let us know if they would like this idea.

We will reevaluate as people respond.

For the implementation, it would require the maintainers to update rbac in a third file. It's already not ideal with the ClusterRole and the Role.
🤔 So why adding a duplicate rbac file instead of adding write access in the existing rbac when this feature is enabled ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

kind/enhancement New feature or request kind/proposal a proposal that needs to be discussed.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@remyj38 @mloiseleur