Remove dependency on cluster-admin role #128
Assignees
Labels
chore
General upkeep of the repository, not a bug or enhancement
Comments
This was referenced Mar 28, 2022
nastacio
added
the
chore
This was referenced Apr 1, 2022
|
CP4BA and CP4D have since introduced support for this type of installation, where the cluster admin can authorize a service account with narrower privileges, dedicated to the sole purpose of installing the Pak. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Many of the Cloud Paks installations have dependencies on having the
cluster-adminrole assigned to the user performing the installation. This is often unnecessary and a problem for many installations, where security policy require minimum privilege assigned to all roles.To Reproduce
N/A, stated in the installation section of product documentation:
Expected behavior
Remove the assignment of
cluster-adminroles to the ArgoCDopenshift-gitops-argocd-application-controllerservice account and replace it with the creation of newRole(orClusterRole) with the minimum set of privileges required to install the product.Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: