anthill
anthill copied to clipboard
gluster
Create RBAC roles for CRs
Describe the feature you'd like to have. Determine a set of RBAC roles that are appropriate for the gluster operator ecosystem. This includes access that:
- The admin needs in order to control the operator and perform maintenance on nodes
- The operator needs to deploy CSI driver(s), gluster pods, etc.
- other? The rules should be minimal for the required purpose and each permission should be documented with its reason.
What is the value to the end user? (why is it a priority?) Admins need to be able to properly secure their cluster, both to prevent accidental changes as well as to prevent malicious actors from exploiting the system. A security conscious admin would like to know what permissions are required and why.
How will we know we have a good solution? (acceptance criteria)
- Separate roles for the main "entities" in the system
- All permissions documented
- Permissions minimized for each role
Additional context Child of #6
