Remove the Kubernetes configuration file permissions check#13338
Remove the Kubernetes configuration file permissions check#13338mattfarina merged 1 commit intohelm:mainfrom
Conversation
See helm#13320 (comment) Signed-off-by: Yarden Shoham <git@yardenshoham.com>
sundaram2021
left a comment
There was a problem hiding this comment.
This PR correctly addresses an outdated security check that no longer aligns with modern Helm use cases. The reasoning for removal is solid, especially considering that other Kubernetes tools no longer enforce this check. By removing it, Helm avoids generating unnecessary warnings in valid deployment scenarios (e.g., mounted kubeconfig secrets).
Suggested Improvements:
Ensure documentation is updated, informing users that permissions checks are no longer enforced.
If possible, provide a note about alternative ways users can enforce security checks on kubeconfig files outside Helm.
|
i would think release notes would be enough documentation for this change. |
mattfarina
left a comment
There was a problem hiding this comment.
There are a couple reasons to remove this check:
- When Helm is used in a container running in Kubernetes and the kubeconfig is mounted as a file via a secret you cannot control the permissions and these messages show up. This is a common enough occurance.
- Helm is not the creator or maintainer of this configuration file. The tools that "own" this file are not providing these messages so why should Helm?
Note, this check was added as part of a security review and was debatable at the time.
See #13320 (comment)
What this PR does / why we need it:
We remove an out-of-scope check.