Details
-
Bug
-
Resolution: Won't Do
-
Major
-
2.1.0.GA, 2.1.1.GA
Description
The customer in an organization with a strict security policy is not able to install CodeReady Workspaces v2.1.1 on OCP 3.11 cluster with the crwctl utility which requires a user with cluster-admin privileges.
_CodeReady Workspaces v2.1 currently requires to launch a script with cluster-admin rights.
This is not possible in our organization:
- The SRE who owns cluster-admin role cannot take over the deployment of an application,
- Application owners cannot get Cluster Admin rights.
So, according to the principle of least privilege, we would need to have 2 sets of templates in order to install CodeReady Workspaces:
- One with cluster-level objects (clusterroles, rolebindings, scc if any) that SRE will deploy,
- One that can be deployed with Namespace admin rights._