This repository has been archived by the owner on Nov 3, 2023. It is now read-only.

Explore least-privilege RBAC setup for builders #25

Open
dhiltgen opened this issue Nov 7, 2020 · 0 comments
Labels: help wanted (Extra attention is needed)

dhiltgen commented Nov 7, 2020

Describe the problem/challenge you have
On clusters with locked down RBAC settings, the builder will fail to start. Asking the user to figure out how to alter their RBAC settings on their own will be confusing for novice users.

Description of the solution you'd like

We should explore setting up a least-privilege model where users can pass a flag to kubectl buildkit create where we set up just the RBAC settings necessary for the builder to work properly, tuned to the configuration at hand. Suggesting this option could then be wired into the error path when we detect permission problems when the flag isn't being used. See #24

Design/Architecture Details

TBD

Environment Details:

  • kubectl buildkit version (use kubectl buildkit version)

v0.1.0

  • Kubernetes version (use kubectl version)

TBD

  • Where are you running kubernetes (e.g., bare metal, vSphere Tanzu, Cloud Provider xKS, etc.)

vSphere Tanzu provides a good "locked down" environment to test with

  • Container Runtime and version (e.g. containerd sudo ctr version or dockerd docker version on one of your kubernetes worker nodes)

NA

Vote on this request

This is an invitation to the community to vote on issues. Use the "smiley face" up to the right of this comment to vote.

  • 👍 "This project will be more useful if this feature were added"
  • 👎 "This feature will not enhance the project in a meaningful way"

dhiltgen added the "help wanted" (Extra attention is needed) label Nov 10, 2020