RHDEVDOCS-3817 - Added cluster permission management #47457
/lgtm |
@bluengo: changing LGTM is restricted to collaborators In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Have some comments.
I have some more comments.
/lgtm
New changes are detected. LGTM label has been removed.
84f3bbb to 460d54f
Some suggestions, but looks good overall.
Just a few additional comments from Rolfe's review.
Today I learned: if using object language, use backticks and add the word "object" or "resource".
Natural language equivalent: To add permissions, you create a cluster role with the additional permissions, and then create a cluster role binding to associate that role with a service account.
Object language equivalent: To add permissions, you create a `ClusterRole` object with the additional permissions, and then create a new `ClusterRoleBinding` object to associate the `ClusterRole` object with a `ServiceAccount` object.
d96c402 to c5f2b7b
I have followed the OpenShift Peer Review Checklist > (for writers) |
made review changes made review changes made review changes made review changes made review changes made review changes made review changes
9396c40 to 2aa1fc1
/cherry-pick enterprise-4.10 |
/cherry-pick enterprise-4.11 |
@JStickler: new pull request created: #47853 In response to this:
@JStickler: new pull request created: #47855 In response to this:
.Procedure | ||
|
||
. Log in to the {product-title} web console as an admin. | ||
. In the wev console, select **User Management** -> **Roles** -> **Create Role**. Use the following `ClusterRole` YAML template to add rules to specify the additional permissions. |
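Review bot: Step 1 says to log in "as an admin" without naming the privilege the procedure needs. Creating a `ClusterRole` is a cluster-scoped operation, so state the required role explicitly, for example "as a user with the `cluster-admin` role", so readers do not attempt this with a namespace-level admin account.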
In the web console,
@rolfedh Why are you leaving new review comments on a PR that was merged almost eight weeks ago?
@JStickler As part of my review to be granted merge rights, I received some feedback on PRs that I created or reviewed recently. Some of these are issues I missed, others are guidelines I wasn't aware of. I'm passing along some of those items to folks whose PRs I reviewed. I also messaged the PR owners directly in Slack to let them know that this is what I was doing.
resources: ["secrets"] | ||
verbs: ["*"] | ||
---- | ||
. Click **Create** to add the cluster role. |
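Review bot: The template rule `resources: ["secrets"]` with `verbs: ["*"]` grants every verb on secrets, and because it sits in a `ClusterRole` it is not limited to one namespace once it is bound with a cluster role binding. If the template is only an illustration, say so next to it and show an explicit verb list (for example `get`, `list`, `watch`) so readers copy a least-privilege rule rather than the wildcard.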
You can use a single asterisk to apply bold formatting.
|
||
[NOTE] | ||
==== | ||
Argo CD does not have cluster-admin permissions. |
`cluster-admin`
|Resource Groups | Configure the user or administrator | ||
|`operators.coreos.com` | Optional Operators managed by OLM | ||
|`user.openshift.io` , `rbac.authorization.k8s.io` | Groups, Users and their permissions | ||
|`config.openshift.io` | Control plane Operators managed by CVO used to configure cluster-wide build configuration, registry configuration and scheduler policies |
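Review bot: The rows shown name API groups such as `rbac.authorization.k8s.io` and `config.openshift.io` but not the resources or verbs granted in them, so a reader cannot tell whether the Argo CD instance can only read these groups or also modify them. Consider adding a column for the verbs, or a sentence stating the access level, since access to the RBAC group in particular determines whether the instance can change permissions.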
Configure the user or administrator.
Groups, Users, and their permissions.
by Cluster Version Operator (CVO)...build configuration, registry configuration, and scheduler policies.
Please spell out the first instance of an initialism, add serial commas, and add end punctuation.
==== | ||
|
||
Permissions for the Argo CD instance: | ||
|=== |
openshift-docs prefers table formatting like this: https://github.com/openshift/openshift-docs/blob/main/contributing_to_docs/doc_guidelines.adoc#alternative-footnote-styling-in-tables
Aligned team: Dev Tools
OCP version for cherry-picking: enterprise-4.10, 4.11
JIRA issue: https://issues.redhat.com/browse/RHDEVDOCS-3817
Preview pages: https://drive.google.com/file/d/1y7gDNX7r5kIFn4ld0NcWtgDUCO70IhxJ/view?usp=sharing
SME+QE review: @jannfis @bluengo
Peer-review: @gabriel-rh @rolfedh