Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1802

Deny StatefullSet to bypass RBAC to create persistentVolumeClaimTemplates

    XMLWordPrintable

Details

    • False
    • False
    • 0
    • 0% 0%
    • Undefined

    Description

      1. Proposed title of this feature request
        User can't bypass rbac with a StatefulSet volumeClaimTemplates.
      2. What is the nature and description of the request?
        We notice that when a user create a StatefulSet with a volumeClaimTemplates, he can provision persistentVolumeClaim even if his user didn't have right to create persistentVolumeClaim object.
      3. Why does the customer need this? (List the business requirements here)
        Our users do not have the right to create persistent volume claim (specific role in the project). Actually, they can by pass this restriction with statefulset.
      4. How would you like to achieve this? (List the functional requirements here)
        Prohibit the use of volumeClaimTemplates in a statefulset. I could be done via an operator with hooks like the "Cluster resource override operator" for example.
      5. List any affected packages or components
        statefulset

      This issue is reported in Bug 1935738 and closed as a NOTABUG

      Attachments

        Activity

          People

            anachand Anandnatraj Chandramohan (Inactive)
            rhn-support-anr Anand R
            Votes:
            1 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: