-
Notifications
You must be signed in to change notification settings - Fork 818
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Grant GKE service account "Container Analysis Occurrences Viewer" role #803
Comments
I think ultimately the PR for this boils down to adding another special-cased grant in |
I wonder if we can turn that into pub-sub or something less intrusive |
Do you mean adding a pub-sub layer and letting third parties consume those pub-sub messages (instead of having direct access as |
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
Rotten issues close after 30d of inactivity. Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
@fejta-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
It appears that Container Analysis Service is already turned on for
k8s-artifacts-prod
. But in order to consume this information (e.g., cloud vendors such as GKE), the "Container Analysis Occurrences Viewer" role must be granted to the vendor. For GKE, the service account that needs this role isvulnerability@gke-release-staging.iam.gserviceaccount.com
./cc @thockin @destijl @simony-gke
The text was updated successfully, but these errors were encountered: