Red Hat Advanced Cluster Management / ACM-14530

Update existing MCE docs to show hypershift-operator cluster role


      Describe the changes in the doc and link to your dev story

      Provide info for the following steps:

      1. - [x] Mandatory Add the required version to the Fix version/s field.

      2. - [x] Mandatory Choose the type of documentation change.

            - [ ] New topic in an existing section or new section
            - [x] Update to an existing topic

      3. - [x] Mandatory for GA content:
             When the hypershift/hosted control plane feature is enabled during the MCE deployment, a cluster role called hypershift-operator is created. This cluster role has all of the necessary permissions to CRUD HCP cluster deployments without giving the user cluster-admin.
             - [x] Add steps and/or other important conceptual information here: 
            1. Create a clusterrolebinding and assign it to a user or group:

      oc create clusterrolebinding <hypershift-operator> --clusterrole=hypershift-operator --user=<user_name>

             - [x] Add Required access level for the user to complete the task here:
             cluster-admin is necessary to create the clusterrolebinding

       

             - [x] Add verification at the end of the task, how does the user verify success (a command to run or a result to see?)
           - As the configured user with applied rbac, create and delete a hosted cluster using the steps outlined here (if using aws)
           
             - [ ] Add link to dev story here:

      4. - [ ] Mandatory for bugs: What is the diff? Clearly define what the problem is, what the change is, and link to the current documentation:

      • The current issue is that the documented RBAC for MCE does not specify which role to use specifically for CRUD operations on an HCP.
      • The requested change is to add hypershift-operator and its purpose to the table of definitions.
      • Some of the issues experienced occur when my team provisions clusters through hypershift: they will inadvertently start a deployment on the management cluster vs. the managed cluster, causing performance degradation and service availability issues.
        • Applying this role allows them the necessary permissions to still have self-service cluster deployment without having to compromise anything else.

              rokejungrh Roke Jung
              rhn-jrickard Jonathan Rickard
              David Huynh David Huynh
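
A check to go with the binding step in the ticket above, as an added example that is not part of the original ticket or of Red Hat's documentation: it reads ClusterRoleBinding data in the shape of `oc get clusterrolebindings -o json` and reports which subjects hold hypershift-operator and which of them still hold cluster-admin directly. The binding names, users and group in the sample are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `oc get clusterrolebindings -o json` output.
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"metadata": {"name": "hcp-self-service"},
   "roleRef": {"kind": "ClusterRole", "name": "hypershift-operator"},
   "subjects": [{"kind": "User", "name": "alice"},
                {"kind": "Group", "name": "hcp-provisioners"}]},
  {"metadata": {"name": "legacy-admins"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "alice"},
                {"kind": "User", "name": "bob"}]},
  {"metadata": {"name": "empty-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "hypershift-operator"}}
]}
""")


def subjects_for(doc, role):
    """Map (kind, namespace, name) -> names of bindings granting ClusterRole `role`."""
    found = {}
    for item in doc.get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        # A binding can exist with no subjects; treat that as an empty list.
        for subj in item.get("subjects") or []:
            # Only ServiceAccount subjects carry a namespace.
            key = (subj["kind"], subj.get("namespace", ""), subj["name"])
            found.setdefault(key, []).append(item["metadata"]["name"])
    return found


def audit(doc, scoped="hypershift-operator", broad="cluster-admin"):
    """List subjects bound to the scoped role, and those also bound to the broad one.

    Only direct bindings are compared; group membership is not resolved here.
    """
    scoped_subjects = subjects_for(doc, scoped)
    broad_subjects = subjects_for(doc, broad)
    return {"scoped": sorted(scoped_subjects),
            "still_broad": sorted(set(scoped_subjects) & set(broad_subjects))}


if __name__ == "__main__":
    report = audit(SAMPLE)
    for kind, namespace, name in report["scoped"]:
        flag = "also cluster-admin" if (kind, namespace, name) in report["still_broad"] else "scoped only"
        print(f"{kind:<8}{name:<20}{flag}")
```

A subject listed as "also cluster-admin" gains nothing from the scoped role until the broader binding is removed.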