-
Ticket
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
False
-
-
False
-
?
-
?
-
-
-
EDPM
Use case: As a cloud operator I would like to install the EDPM operator in shared cluster.
EDPM operator is not considered safe its clusterRole can read/write the secrets and configmaps in all the namespaces in the cluster.
kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: dataplane-operator.v0.0.1-86b6d6467c uid: bc9f0cfe-2c65-4348-aaf4-9f124618450f resourceVersion: '225951' creationTimestamp: '2023-10-09T13:22:44Z' labels: olm.owner: dataplane-operator.v0.0.1 olm.owner.kind: ClusterServiceVersion olm.owner.namespace: openstack-operators operators.coreos.com/dataplane-operator.openstack-operators: '' managedFields: - manager: catalog operation: Update apiVersion: rbac.authorization.k8s.io/v1 time: '2023-10-09T13:22:44Z' fieldsType: FieldsV1 fieldsV1: 'f:metadata': 'f:labels': .: {} 'f:olm.owner': {} 'f:olm.owner.kind': {} 'f:olm.owner.namespace': {} 'f:rules': {} - manager: olm operation: Update apiVersion: rbac.authorization.k8s.io/v1 time: '2023-10-09T13:25:16Z' fieldsType: FieldsV1 fieldsV1: 'f:metadata': 'f:labels': 'f:operators.coreos.com/dataplane-operator.openstack-operators': {} rules: - verbs: - create - delete - get - list - patch - update - watch apiGroups: - ansibleee.openstack.org resources: - openstackansibleees - verbs: - create - delete - get - list - patch - update - watch apiGroups: - baremetal.openstack.org resources: - openstackbaremetalsets - verbs: - create - delete - get - list - patch - update - watch apiGroups: - batch resources: - jobs - verbs: - create - delete - get - list - patch - update - watch apiGroups: - '' resources: - configmaps - verbs: - create - delete - get - list - patch - update - watch apiGroups: - '' resources: - secrets - verbs: - create - delete - get - list - patch - update - watch apiGroups: - dataplane.openstack.org resources: - openstackdataplanenodes - verbs: - create - delete - get - list - patch - update - watch apiGroups: - dataplane.openstack.org resources: - openstackdataplanenodes - openstackdataplaneroles - verbs: - update apiGroups: - dataplane.openstack.org resources: - openstackdataplanenodes/finalizers - verbs: - get - patch - update apiGroups: - dataplane.openstack.org resources: - openstackdataplanenodes/status - verbs: - create - delete - get - list - patch - update - watch apiGroups: - dataplane.openstack.org resources: - openstackdataplaneroles - verbs: - update apiGroups: - dataplane.openstack.org resources: - openstackdataplaneroles/finalizers - verbs: - get - patch - update apiGroups: - dataplane.openstack.org resources: - openstackdataplaneroles/status - verbs: - create - delete - get - list - patch - update - watch apiGroups: - dataplane.openstack.org resources: - openstackdataplanes - verbs: - update apiGroups: - dataplane.openstack.org resources: - openstackdataplanes/finalizers - verbs: - get - patch - update apiGroups: - dataplane.openstack.org resources: - openstackdataplanes/status - verbs: - create - delete - get - list - patch - update - watch apiGroups: - dataplane.openstack.org resources: - openstackdataplaneservices - verbs: - update apiGroups: - dataplane.openstack.org resources: - openstackdataplaneservices/finalizers - verbs: - get - patch - update apiGroups: - dataplane.openstack.org resources: - openstackdataplaneservices/status - verbs: - get - list - watch apiGroups: - k8s.cni.cncf.io resources: - network-attachment-definitions - verbs: - create - delete - get - list - patch - update - watch apiGroups: - network.openstack.org resources: - dnsdata - verbs: - update apiGroups: - network.openstack.org resources: - dnsdata/finalizers - verbs: - get apiGroups: - network.openstack.org resources: - dnsdata/status - verbs: - get - list - watch apiGroups: - network.openstack.org resources: - dnsmasqs - verbs: - get apiGroups: - network.openstack.org resources: - dnsmasqs/status - verbs: - create - delete - get - list - patch - update - watch apiGroups: - network.openstack.org resources: - ipsets - verbs: - update apiGroups: - network.openstack.org resources: - ipsets/finalizers - verbs: - get apiGroups: - network.openstack.org resources: - ipsets/status - verbs: - get - list - watch apiGroups: - network.openstack.org resources: - netconfigs - verbs: - create - delete - get - list - patch - update - watch apiGroups: - nova.openstack.org resources: - novaexternalcomputes - verbs: - create apiGroups: - authentication.k8s.io resources: - tokenreviews - verbs: - create apiGroups: - authorization.k8s.io resources: - subjectaccessreviews
Use case: As a cloud operator I would like the EDPM operator to deploy a job per compute node. For instance when configuration fails in one specific compute when deploying multiple compute nodes shouldn't affect the deployment of the other compute nodes.
Use case: As a cloud operator I would like add a service to configure custom hardware of a compute node.
