operator-registry

create capability to restrict operator installs with installPermissions annotation

Open redhatrises opened this issue 3 years ago • 0 comments

Per conversation with the operator-framework team at KubeCon, there is an inherent security need for certain operators to only be installed based on a set of permissions in a simplified manner. The idea here is that there would be an optional annotation like:

installPermissions: cluster-admin

which would show up in operatorhub so that users understand that they need to be cluster-admin to install the operator. Based on this permission set, the operator could just not show up in the console/cli, be grayed out/un-clickable, or display a permissions error, etc.

It was either this repo or Rukpak that I was directed to open this issue. Let me know either way. It was also suggested that this could be a discussion in the community meetings. Thanks!

redhatrises, Nov 03 '22 21:11