Security concern related with Operator-SDK
The following discussion from !9 (merged) should be addressed:
-
@alossent started a discussion: I'm really not comfortable with granting all these permissions to the serviceAccount of pods where we run arbitrary user code, possibly vulnerable to script injection. I think it confirms we must redo the webeos-config-operator as a simple controller, detached from the operator-sdk
Needs webeos-config-operator#10 (comment 3381823) and https://gitlab.cern.ch/webservices/webframeworks-planning/issues/27#note_3381837
Edited by Joao Esteves Marcal