Question on Controller Tradeoffs #6
Description
Hi! I'm only just learning about the Achilles framework and modelling the work of the controller as a FSM is a cool idea!
I just had some small questions on this example controller - mostly, I wonder if there's a good write-up on the particulars of this controller's workload. It seems like the work of the reconciler for an AccessToken object is to decompose it into the set of declarative manifests from core Kubernetes that achieve the same effect. Assuming there's some Git-Opsy way to deliver Kubernetes manifests to the cluster already, it seems like it might be better to just let users apply Roles, etc, as the controller has build+maintenance costs and the permissions set for this controller in particular (or any actor with permissions to create AccessTokens) are a great target for attackers, as they can easily escalate to full root privileges over everything.
I understand that this is just an example, so I hope I didn't come off as too pedantic - but I think the example would be much more compelling perhaps with a different subject!