You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After we implement #737, users will need to provide their own service accounts that have the permissions necessary to manage the lifecycle of a bundle.
The service account needs CRUD on each group resource of each unique object in the bundle
If there are any ClusterRoles, Roles, ClusterRoleBindings, and/or RoleBindings, the service account additionally needs:
Either escalate/bind to allow the service account to create permissions it itself does not have
OR permissions that match the permissions that are granted by the RBAC in the bundle.
There are some technical challenges here:
The bundle must be pulled, extracted, and rendered in order to see what would be deployed.
After we implement #737, users will need to provide their own service accounts that have the permissions necessary to manage the lifecycle of a bundle.
The service account needs CRUD on each group resource of each unique object in the bundle
escalate/bindto allow the service account to create permissions it itself does not haveThere are some technical challenges here:
The text was updated successfully, but these errors were encountered: