Uploaded image for project: 'OpenShift CFE'
  1. OpenShift CFE
  2. CFE-391

As a developer I want to restrict which clusterrolebindings the ALB operator can create.

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • network-edge
    • 2
    • False
    • None
    • False
    • 0

      Any ClusterRole can be added to the to an operator bundle which will be created by OLM.

      Ref: https://coreos.slack.com/archives/C3VS0LV41/p1649330489147599

      The upstream controller ClusterRole should be added into the bundle directly instead of adding it to the config.

      We should also restrict the operator to bind only to that ClusterRole as explained in

      https://kubernetes.io/docs/reference/access-authn-authz/rbac/#restrictions-on-role-binding-creation-or-update

       

      Acceptance Criteria:

      • Make targets are updated.
      • Deployment docs are updated
      • The bind permission is added into the operator code with fixed reference.

            alebedev@redhat.com Andrey Lebedev
            anaik.openshift Arjun Naik (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: