RHDEVDOCS-3817 - Added cluster permission management #47457
Conversation
openshift-ci
bot
added
the
size/M
|
/lgtm |
|
@bluengo: changing LGTM is restricted to collaborators In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/lgtm |
openshift-ci
bot
added
lgtm
|
New changes are detected. LGTM label has been removed. |
DebarghoGhosh
force-pushed
the
cluster-configuration-3817
branch
from
84f3bbb
to
460d54f
Compare
There was a problem hiding this comment.
Just a few additional comments from Rolfe's review.
Today I learned: if using object language, use backticks and add the word "object" or "resource".
Natural language equivalent: To add permissions, you create a cluster role with the additional permissions, and then create a cluster role binding to associate that role with a service account.
Object language equivalent: To add permissions, you create a ClusterRole object with the additional permissions, and then create a new ClusterRoleBinding object to associate the ClusterRole object with a ServiceAccount object.
DebarghoGhosh
force-pushed
the
cluster-configuration-3817
branch
from
d96c402
to
c5f2b7b
Compare
|
I have followed the OpenShift Peer Review Checklist > (for writers) |
JStickler
added
dev-tools
made review changes made review changes made review changes made review changes made review changes made review changes made review changes
DebarghoGhosh
force-pushed
the
cluster-configuration-3817
branch
from
9396c40
to
2aa1fc1
Compare
|
/cherry-pick enterprise-4.10 |
|
/cherry-pick enterprise-4.11 |
|
@JStickler: new pull request created: #47853 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@JStickler: new pull request created: #47855 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| .Procedure | ||
|
|
||
| . Log in to the {product-title} web console as an admin. | ||
| . In the wev console, select **User Management** -> **Roles** -> **Create Role**. Use the following `ClusterRole` YAML template to add rules to specify the additional permissions. |
There was a problem hiding this comment.
@rolfedh Why are you leaving new review comments on a PR that was merged almost eight weeks ago?
There was a problem hiding this comment.
@JStickler As part of my review to be granted merge rights, I received some feedback on PRs that I created or reviewed recently. Some of these are issues I missed, others are guidelines I wasn't aware of. I'm passing along some of those items to folks whose PRs I reviewed. I also messaged the PR owners directly in Slack to let them know that this is what I was doing.
| resources: ["secrets"] | ||
| verbs: ["*"] | ||
| ---- | ||
| . Click **Create** to add the cluster role. |
There was a problem hiding this comment.
You can use a single asterisk to apply bold formatting.
|
|
||
| [NOTE] | ||
| ==== | ||
| Argo CD does not have cluster-admin permissions. |
| |Resource Groups | Configure the user or administrator | ||
| |`operators.coreos.com` | Optional Operators managed by OLM | ||
| |`user.openshift.io` , `rbac.authorization.k8s.io` | Groups, Users and their permissions | ||
| |`config.openshift.io` | Control plane Operators managed by CVO used to configure cluster-wide build configuration, registry configuration and scheduler policies |
There was a problem hiding this comment.
Configure the user or administrator.Groups, Users, and their permissions.by Cluster Version Operator (CVO)...build configuration, registry configuration, and scheduler policies.
Please spell out the first instance of an initialism, add serial commas, and add end punctuation.
| ==== | ||
|
|
||
| Permissions for the Argo CD instance: | ||
| |=== |
There was a problem hiding this comment.
openshift-docs prefers table formatting like this: https://github.com/openshift/openshift-docs/blob/main/contributing_to_docs/doc_guidelines.adoc#alternative-footnote-styling-in-tables
Aligned team: Dev Tools
OCP version for cherry-picking: enterprise-4.10, 4.11
JIRA issue:
https://issues.redhat.com/browse/RHDEVDOCS-3817
Preview pages: https://drive.google.com/file/d/1y7gDNX7r5kIFn4ld0NcWtgDUCO70IhxJ/view?usp=sharing
SME+QE review: @jannfis @bluengo
Peer-review: @gabriel-rh @rolfedh