  1. OpenShift API for Data Protection
  2. OADP-5176 Need to revise implication that we support custom RBAC OADP to multi-tenancy.
  3. OADP-5422

(QE) Verify for ( Need to revise implication that we support custom RBAC OADP to multi-tenancy. )

    • Sub-task
    • Resolution: Done
    • OADP 1.4.2
    • QE-Task

      Description of problem:

      While the documentation states the following, users imply that there might be a tested/supported way in OADP 1.4 to limit the namespaces for backup/restore targets for each OADP instance as long as the RBAC settings are carefully adjusted.

      https://docs.openshift.com/container-platform/4.16/backup_and_restore/application_backup_and_restore/installing/about-installing-oadp.html#about-installing-oadp-on-multiple-namespaces_about-installing-oadp

      By default, each OADP deployment has cluster-level access across namespaces. OpenShift Container Platform administrators need to review security and RBAC settings carefully and make any necessary changes to them to ensure that each OADP instance has the correct permissions.
      

      We do not intend to support this scenario as noted in OADP-5043. Therefore, the revision I suggest is to replace the above with

       

      By default, each OADP deployment has cluster-level access across namespaces. OpenShift Container Platform administrators need to review potential impacts carefully such as not backing up/restoring from/into the same namespace concurrently.

       

      The following text also needs to replace "project owners" with "cluster admins"

       

      You can install OpenShift API for Data Protection (OADP) into multiple namespaces on the same cluster so that multiple project owners can manage their own OADP instance. 

       

      Slack: https://redhat-internal.slack.com/archives/C0144ECKUJ0/p1728968322617729?thread_ts=1728627599.380689&cid=C0144ECKUJ0

              Unassigned
              talayan@redhat.com Tareq Alayan