Red Hat Advanced Cluster Management / ACM-24645

Fine Grained RBAC - kubevirt cluster roles conflict


    • Product / Portfolio Work
    • VMMgmt - Train-32 - Sprint 2

      Value Statement

      In 2.14, there was a policy that we enabled to install the kubevirt roles on the hub cluster. The kubevirt roles have a specific label that the UI picks up. If the labeled roles are missing on the hub, the fine-grained RBAC UI will not display them. We need to spend some time testing this and try to find a better, working solution. One main problem is that we now require CNV to be installed on the hub for the ACM/CNV multicluster tree view. Because of this, when CNV is installed, it will overwrite the labels.

      One possible solution is to try to force the policy to stay in Enforce mode. Another option, which might be better, would be to include the labeled kubevirt roles inside this addon template:
      https://issues.redhat.com/browse/ACM-22869

      Decide whether the role names should stay the same or be renamed (acm-kubevirt.io:admin). We need a way to prevent CNV from overwriting our labeled kubevirt roles.

      Definition of Done for Engineering Story Owner (Checklist)

      • ...

      Development Complete

      • The code is complete.
      • Functionality is working.
      • Any required downstream Docker file changes are made.

      Tests Automated

      • Should test enabling fine-grained RBAC first and then installing CNV to see
        that the kubevirt.io: roles are applied properly.

      Secure Design

      • [ ] Security has been assessed and incorporated into your threat model.

      Multidisciplinary Teams Readiness

      • [ ] Create an informative documentation issue using the Customer Portal Doc template that you can access from [The Playbook](https://docs.google.com/document/d/1YTqpZRH54Bnn4WJ2nZmjaCoiRtqmrc2w6DdQxe_yLZ8/edit#heading=h.9fvyr2rdriby), and ensure the doc acceptance criteria are met.

      • Call out this sentence as its own action:
      • [ ] Link the development issue to the doc issue.

      Support Readiness

      • [ ] The must-gather script has been updated.

              yikim@redhat.com Yi Rae Kim
              rh-ee-mshort Matthew Short
              Atif Shafi Atif Shafi