Minimum access needed to deploy the RMQ cluster operator to Openshift #795
Replies: 2 comments
-
The manifest used to deploy the Operator requires permissions to create/update the following objects:
Objects that are namespaced are deployed inside
How would you "separate" those resources? By splitting them into different files? What would be the purpose of this?
I haven't seen this sort of information in other operators (e.g. jaeger operator). Since you are installing a new "service" to the cluster, it is a given that you will have access to a privileged user (not necessarily the almighty admin user). |
Beta Was this translation helpful? Give feedback.
-
|
I will convert this issue to a GitHub discussion. Currently GitHub will automatically close and lock the issue even though your question will be transferred and responded to elsewhere. This is to let you know that we do not intend to ignore this but this is how the current GitHub conversion mechanism makes it seem for the users :( |
Beta Was this translation helpful? Give feedback.
-
There are users who deploy the RMQ cluster operator to Openshift. Under regular k8s environments, users would have cluster-admin access. However, Openshift has unique security features and some operators may not want to give cluster-admin access to developers.
Users would like to know: What is the minimum access needed in Openshift to deploy the RMQ cluster operator?
Second part to the question: Is there a way to separate the resources that need cluster-wide access from the resources that need only namespace access.
Can we answer these questions in the documentation.
Beta Was this translation helpful? Give feedback.
All reactions