Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-843

It is not possible to install CRW on OCP 3.11 without cluster-admin privileges

    XMLWordPrintable

Details

    Description

      The customer in an organization with a strict security policy is not able to install CodeReady Workspaces v2.1.1 on OCP 3.11 cluster with the crwctl utility which requires a user with cluster-admin privileges.

      _CodeReady Workspaces v2.1 currently requires to launch a script with cluster-admin rights.
      This is not possible in our organization:
      - The SRE who owns cluster-admin role cannot take over the deployment of an application,
      - Application owners cannot get Cluster Admin rights.

      So, according to the principle of least privilege, we would need to have 2 sets of templates in order to install CodeReady Workspaces:
      - One with cluster-level objects (clusterroles, rolebindings, scc if any) that SRE will deploy,
      - One that can be deployed with Namespace admin rights._

      Attachments

        Activity

          People

            abazko Anatolii Bazko
            rhn-support-rludva Radomir Ludva
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: