This repository was archived by the owner on Apr 30, 2020. It is now read-only.
Create RBAC roles for CRs #28
Description
Describe the feature you'd like to have.
Determine a set of RBAC roles that are appropriate for the gluster operator ecosystem. This includes access that:
- The admin needs in order to control the operator and perform maintenance on nodes
- The operator needs to deploy CSI driver(s), gluster pods, etc.
- other?
The rules should be minimal for the required purpose and each permission should be documented with its reason.
What is the value to the end user? (why is it a priority?)
Admins need to be able to properly secure their cluster, both to prevent accidental changes as well as to prevent malicious actors from exploiting the system. A security conscious admin would like to know what permissions are required and why.
How will we know we have a good solution? (acceptance criteria)
- Separate roles for the main "entities" in the system
- All permissions documented
- Permissions minimized for each role
Additional context
Child of #6