CSV support for ClusterRoles #473
Comments
|
Hi @darkowlzz, support for creating ClusterRoles is coming very soon (~1wk). |
|
See #477 for progress here |
|
Forgot to come back and update this - ClusterRole support is in via the |
|
this isn't working for me, any tips to debug? Added clusterPermissions to my csv, the field gets validated, but no clusterRoles nor clusterRoleBindings get created and installation proceeds then fails since the permissions aren't there. olm logs show nothing interesting: I tried grepping for this line but found nothing |
|
@wongma7 Are you installing your CSV via |
|
@njhale I'm manually creating it. So if I am understanding correctly, the InstallPlan would tell the Catalog Operator to create the clusterrole and clusterrolebinding the same way it can tell the Catalog Operator to create a CRD? will the clusterrole and clsuterrolebinding have a deterministic name so that i can make them |
|
NVM about the name, I see now it doesn't change the manifest...asked because I noticed the roles created by OLM have some generated part at the end. |
StrategyDeploymentPermissionsin CSVspec.install.spec.permissionssupports specifying rules for RBACRolesonly, as per https://github.com/operator-framework/operator-lifecycle-manager/blob/master/pkg/controller/install/deployment.go#L78-L80 .Is there a way to add ClusterRoles? I've an operator that needs access to node, persistentvolumeclaim and storageclass, which are cluster level access.
While deploying without OLM, for RBAC permissions, I create a ClusterRole and ClusterRoleBinding, and bind the ClusterRole to the ServiceAccount of my operator.
If this support can be added in the future, I can try implementing it and create a PR.
The text was updated successfully, but these errors were encountered: