Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1802

Deny StatefullSet to bypass RBAC to create persistentVolumeClaimTemplates

XMLWordPrintable

    • False
    • False
    • Undefined

      1. Proposed title of this feature request
        User can't bypass rbac with a StatefulSet volumeClaimTemplates.
      2. What is the nature and description of the request?
        We notice that when a user create a StatefulSet with a volumeClaimTemplates, he can provision persistentVolumeClaim even if his user didn't have right to create persistentVolumeClaim object.
      3. Why does the customer need this? (List the business requirements here)
        Our users do not have the right to create persistent volume claim (specific role in the project). Actually, they can by pass this restriction with statefulset.
      4. How would you like to achieve this? (List the functional requirements here)
        Prohibit the use of volumeClaimTemplates in a statefulset. I could be done via an operator with hooks like the "Cluster resource override operator" for example.
      5. List any affected packages or components
        statefulset

      This issue is reported in Bug 1935738 and closed as a NOTABUG

              anachand Anandnatraj Chandramohan (Inactive)
              rhn-support-anr Anand R
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: