kubevirt: add sample Role to grant privileges for non-admin to run v2v #4965
So far, the v2v controller deployment is still managed by the UI. This is planned to be changed but recent state is like that.

To allow a non-admin user to run "Import VM" (v2v), read access to the `v2v-vmware` configmap in the `openshift-cnv` namespace needs to be granted.

This patch contains sample `Role` and `RoleBinding` objects to do so for a named user.

In a nutshell, to grant access for a non-admin user, the admin needs to:
- update/add the name of the user in the `role.v2v-vmware.yaml`
- `oc apply -f role.v2v-vmware.yaml`

To verify, the non-admin user should get a successful result for:
- `oc get configmap v2v-vmware -n openshift-cnv -o yaml`
/retest

Permissions for I will further change the example from a

/retest

/lgtm
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mareklibra, rawagner

The full list of commands accepted by this bot can be found here.

The pull request process is described here
Permissions to access `kubevirt-storage-class-defaults` configmap were removed from this PR in favor of kubevirt/hyperconverged-cluster-operator#498. However, the user needs to have read access to this configmap to be able to start v2v.

As a workaround till kubevirt/hyperconverged-cluster-operator#498 lands, corresponding row in the `role.v2v-vmware.yaml` can be uncommented.
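
The grant described in the PR description, written out as a least-privilege `Role` and `RoleBinding`. This is an added example, not the `role.v2v-vmware.yaml` from this PR: the object names and the user `example-user` are placeholders, and pinning the rule with `resourceNames` is an assumption about how tightly the access can be scoped.

```yaml
# Added example; not the role.v2v-vmware.yaml shipped by this PR.
# Object names and "example-user" are placeholders chosen for illustration.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: v2v-vmware-reader            # placeholder name
  namespace: openshift-cnv           # namespace named in the PR description
rules:
  - apiGroups: [""]                  # core API group, where ConfigMap lives
    resources: ["configmaps"]
    # Restrict the rule to the single configmap the import flow reads,
    # instead of every configmap in the namespace.
    resourceNames: ["v2v-vmware"]
    # "get" is what `oc get configmap v2v-vmware ...` needs. Whether the UI
    # also needs list/watch is not stated on the page, so none is granted here.
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: v2v-vmware-reader-example-user   # placeholder name
  namespace: openshift-cnv
subjects:
  # One named user, as in the PR description; replace with the real user name.
  - kind: User
    apiGroup: rbac.authorization.k8s.io
    name: example-user
roleRef:
  # roleRef is immutable: changing it later means deleting and recreating
  # the binding.
  kind: Role
  apiGroup: rbac.authorization.k8s.io
  name: v2v-vmware-reader
```

Besides the `oc get configmap` check above, an admin can confirm the scope with `oc auth can-i get configmap/v2v-vmware -n openshift-cnv --as example-user`. The same check against any other configmap name in the namespace should come back `no` unless another role grants it.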