k-space/kube
12
1
Fork 3
Code Issues 62 Pull Requests 1 Wiki Activity

Mailbox-only service-account role #65

New Issue
Closed
opened 2025-02-25 20:56:36 +00:00 by rasmus · 2 comments
rasmus commented 2025-02-25 20:56:36 +00:00
Owner
Copy Link

image.png

I think svc accounts shouldn't have k-space:floor on them. It also complicates billing (if access then bill).

  1. Does removing them hurt deliverability? Probably no?
  2. Impersonate wouldn't work, k-space:friends is an option, in theory, or just k-space:mailservice new / separate role?
![image.png](/attachments/1f605a19-1e83-41d8-9a92-49cfaef78b8f) I think svc accounts shouldn't have `k-space:floor` on them. It also complicates billing (if access then bill). 1. Does removing them hurt deliverability? Probably no? 2. Impersonate wouldn't work, `k-space:friends` is an option, in theory, or just `k-space:mailservice` new / separate role?
image.png
30 KiB
eaas was assigned by rasmus 2025-02-25 20:56:36 +00:00
eaas commented 2025-04-21 08:53:49 +00:00
Owner
Copy Link

Wildduck components have k-space:floor whitelisted here and there but it shouldn't matter as none of those account are meant to access any ingress. And these are arbitrary groups so just change those to proposed k-space:mailservice but add that group here

wildduck/wildduck-operator.yaml Line 25 in f82caf1751
value: k-space:friends,k-space:floor

Wildduck components have k-space:floor whitelisted here and there but it shouldn't matter as none of those account are meant to access any ingress. And these are arbitrary groups so just change those to proposed k-space:mailservice but add that group here https://git.k-space.ee/k-space/kube/src/commit/f82caf175148a87811b0a906461b4364729ae069/wildduck/wildduck-operator.yaml#L25
rasmus commented 2025-04-22 13:43:52 +00:00
Author
Owner
Copy Link

Closed with ce2e6568b1 and 96ea54064c

Closed with https://git.k-space.ee/k-space/kube/commit/ce2e6568b1bc7f4a863a21a02fca3f9e4053d06b and https://git.k-space.ee/k-space/members/commit/96ea54064cc4ccd7b6616acf5c9bbed761af8db3
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
new app
shiny
disposal
Liability in safety, usability, space, or upkeep. It doesn't provide enough meaningful historical value (museum) nor personal interest.
enchancement
Improving the existing
greenlit
The stars have aligned: Orders have arrived, plan has been laid, only hands are needed. Just do it!
upkeep
Subjects of maintenance
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
akpall arti artur dos4dev eaas erki kkuusk lauri madis plaes rasmus sander savva
No Assignees eaas
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: k-space/kube#65
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?