-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Provide RBAC rules for virtualmachines-apb #16
Comments
i dont think adding rbac rules will do the trick, as the crd is created within the apb |
@karmab are you saying that the CRD, the API for the VM, doesn't exist until the vm is created so we can't create any rules for it because k8s doesn't what the API we're talking about? Can we create the CRD here? |
actually what i meant is that the apb would be creating a vm object (crd) living in a different namespace than the one it s currently deployed, for me this didnt work, but maybe i m wrong ( and it has to do with the next section ). but it's worse, because even if the apb can create objects in the destination namespace, we would get errors like the following, though the user does belong to the indicated namespace
|
@rthallisey is this still relevant? or did it become obsolete with the latest changes in kubevirt roles mgmt? |
@nellyc closed. Aggregated roles were added. |
kubernetes-deploy: make sure that swap is off
The virtualmachines-apb requires we run as cluster-admin. We should be able to add rbac rules for kubevirt to create for the virtualmachines-apb so that it can run as non cluster-admin.
The text was updated successfully, but these errors were encountered: