Uploaded image for project: 'Docs for Red Hat Developers'
  1. Docs for Red Hat Developers
  2. RHDEVDOCS-3304

Document disabling the default Pipeline SA

XMLWordPrintable

    • devex docs #212 Dec 23-Jan 13, devex docs #213 Jan 13-Feb 3, devex docs #214 Feb 3-Feb 24, devex docs #215 Feb 24-Mar 17
    • 5
    • Documentation (Ref Guide, User Guide, etc.), User Experience

      User story: As a cluster-admin, I can disable the creation of the default pipeline service account on each namespace.
      From the Dev Issue:
      As of today, the OpenShift Pipelines operator will create a pipeline service account on all namespace when installed, with the pipeline-scc which has RunAsAny among other things.

      Why
      This feature can be seen as a security issue as some customers have reported. It would be interesting if a cluster-admin could disable this feature by default.

      This has some impact though : our ClusterTask would note work by default anymore. This has to be clear to the user that when he disables this, either it also disable default cluster task or they are expected to not work. This would require heavy documentation on our part (in a "use case" part of our documentation)

            rhn-support-sosarkar Souvik Sarkar (Inactive)
            pchandra@redhat.com Preeti Chandrashekar
            Savita .
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: