We are in a middle of a POC project where we want to offer the Openshfit Kubernetes Engine (OKE) solution to some of our customers.
We know that OKE deployment is similar to OCP deployment, the major difference being the number of components that are supported , OKE being a more stripped version of OCP.
We have the following issue though:
The criteria on which those non-supported components shouldn't be used on OKE is based on trust, meaning that installing an operator that is not permitted or using a cluster functionality that is not permitted will be violation of the Red Hat Subscription Agreement.
We offer our clusters internally to multiple teams, we don't really use them ourselves.
Most of those teams already have admin rights enabled for their ArgoCD deployments, which means a wrong copy/paste from a source or some accidental code could do something on the cluster that will 'break the trust' and we will be in the violation of the agreement.
We'd like to know if there is a possibility to enforce some rules to prevent those accidental deployments via RBAC or something else.
If not, is it possible to create a future request for the developer teams to implement such a thing ?