-
Task
-
Resolution: Done
-
Major
-
ACM 2.15.0
-
Product / Portfolio Work
-
5
-
False
-
-
False
-
-
-
Workload Mgmt Train 28 - 2, Workload Mgmt Train 29 - 1
-
None
Using the aggregate API server for fine grained RBAC that CNV is currently using, create a design POC that can life-cycle manage remote HCP fleet.
Now that the aggregated API server is available, each component will need to determine if/where it applies. For example, for search discovered Applications, search is NOW able to filter the results by namespace on the cluster. (right now it uses CNV roleBindings, but it could be tweaked if you creating some default Argo CD role bindings (as an example).HCP is another example, where fine grained RBAC on the MCE clusters that an ACM manages could be achieved and the ManagedCluster level integration of this work with ClusterPermissions is key.So now that CNV has set the ground work, and the Aggregate API server for fine grained RBAC (namespace level) access auth) is available, the squads need to come up with how they will use this.
Aggregate API server ppt https://docs.google.com/presentation/d/1-3M8fSRjWVAws8as_t_3tK5lp951444t8WrviuW7odY/edit#slide=id.g34bec43b11d_0_7
Aggregate API server demo https://drive.google.com/file/d/1YxLyWoT2qnJucjj1CyHVxMHjZhlXKxpC/view