astefanutti commented on issue #2950:
URL: https://github.com/apache/camel-k/issues/2950#issuecomment-1023486110
Thanks a lot for your feedback.
Would you know if the `duck.knative.dev/addressable=true`, as in the example
taken from the Knative documentation to extend Knative itself with the extra
permissions, is a "standard" Knative label:
```yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kafkasinks-addressable-resolver
labels:
kafka.eventing.knative.dev/release: devel
duck.knative.dev/addressable: "true"
# Do not use this role directly. These rules will be added to the
"addressable-resolver" role.
rules:
- apiGroups:
- eventing.knative.dev
resources:
- kafkasinks
- kafkasinks/status
verbs:
- get
- list
- watch
```
If that it's the case, it may be possible to create an aggregated role, like:
```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: camel-k-operator-knative-sinks
aggregationRule:
clusterRoleSelectors:
- matchLabels:
duck.knative.dev/addressable: "true"
rules: []
```
And have the Kubernetes control plane automatically update it with the
aggregated rules.
WDYT?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
