Hi folks,
The linked PR here will ensure that the users will not able to apply the CR in a namespace which is not managed by the RHMI/MDC. However, could we not do the same by using the OCP rules? Could we not have a rule that specified the namespaces allowed for the customer? I still think that the solution in the linked PR still not required.
I will do some tests in regards to it.
PS: In this project, we already have a cluster role for the operator which can just be used by the ADMIN of the cluster and a Role to be applied for the dev users.
c/c [~weil] [~dffrench] |
|
