[jboss-jira] [JBoss JIRA] (WFWIP-165) You dont need to be cluster-admin to be able to work with operator on OpenShift
Martin Choma (Jira)
issues at jboss.org
Wed Jul 10 05:08:00 EDT 2019
[ https://issues.jboss.org/browse/WFWIP-165?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Martin Choma updated WFWIP-165:
-------------------------------
Description:
Instructions how to install operator on OpenShift [1] are shown under cluster-admin role.
As role, role-binding and crd are cluster scoped resources I would expect that only cluster-admin can specify that.
However I wouldt expect to have cluster-admin role to be able to deploy application using operator with
oc apply -f deploy/crds/quickstart-cr.yaml
To be able to run this as developer user have to be granted (by cluster-admin) these permission:
{code}
oc create role wildfly-server --verb=* --resource=wildflyservers.wildfly.org -n <namespace>
oc adm policy add-role-to-user wildfly-server developer --role-namespace=<namespace> -n <namespace>
{code}
Please make this clear in install procedure.
[1] https://github.com/wildfly/wildfly-operator#OpenShift
was:
nstructions how to install operator on OpenShift [1] are shown under cluster-admin role.
As role, role-binding and crd are cluster scoped resources I would expect that only cluster-admin can specify that.
However I wouldt expect to have cluster-admin role to be able to deploy application using operator with
oc apply -f deploy/crds/quickstart-cr.yaml
To be able to run this as developer user have to be granted (by cluster-admin) these permission:
{code}
oc create role wildfly-server --verb=* --resource=wildflyservers.wildfly.org -n <namespace>
oc adm policy add-role-to-user wildfly-server developer --role-namespace=<namespace> -n <namespace>
{code}
Please make this clear in install procedure.
[1] https://github.com/wildfly/wildfly-operator#OpenS
> You dont need to be cluster-admin to be able to work with operator on OpenShift
> -------------------------------------------------------------------------------
>
> Key: WFWIP-165
> URL: https://issues.jboss.org/browse/WFWIP-165
> Project: WildFly WIP
> Issue Type: Bug
> Components: OpenShift
> Reporter: Martin Choma
> Assignee: Jeff Mesnil
> Priority: Major
>
> Instructions how to install operator on OpenShift [1] are shown under cluster-admin role.
> As role, role-binding and crd are cluster scoped resources I would expect that only cluster-admin can specify that.
> However I wouldt expect to have cluster-admin role to be able to deploy application using operator with
> oc apply -f deploy/crds/quickstart-cr.yaml
> To be able to run this as developer user have to be granted (by cluster-admin) these permission:
> {code}
> oc create role wildfly-server --verb=* --resource=wildflyservers.wildfly.org -n <namespace>
> oc adm policy add-role-to-user wildfly-server developer --role-namespace=<namespace> -n <namespace>
> {code}
> Please make this clear in install procedure.
> [1] https://github.com/wildfly/wildfly-operator#OpenShift
--
This message was sent by Atlassian Jira
(v7.12.1#712002)
More information about the jboss-jira
mailing list