jakelyods58
Cadet

RBAC Remove Ability to Delete Projects

Looking for information on how to create a clusterrole that has cluster-admin privs, except for the ability to delete namespaces / projects. I'd love it to be auto-updating. The problem I have now is that I created a clusterrole with all privs except the ability to delete projects / namespaces, but it's not auto-updating. So anytime we add new operators or anything, the role has to be manually updated, which isn't ideal. Anyone have any suggestions?

flozano
Moderator

Re: RBAC Remove Ability to Delete Projects

Could you provide more details about what kind of auto-update you need and how new operators impact your custom role?

Sometimes you need a kind of flexibility that is not provided by Kubernetes. OpenShift comes out-of-the-box with support for Kubernetes Operators that allow you to extend Kubernetes capabilities for these scenarios.

Red Hat consultants created a number of operators that help with implementing custom policies as part of Red Hat's Community of Practice. These are not formally supported but were created to meet customization demanded by actual customers. An example is:

https://github.com/redhat-cop/dynamic-rbac-operator

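Added example, not part of the thread and not code from the dynamic-rbac-operator project: Kubernetes RBAC rules are purely additive, so "cluster-admin except deleting namespaces / projects" has to be an explicit allow list that is regenerated whenever new API resources appear. The Python below builds such a ClusterRole from API discovery data; the sample discovery list, the `example.com` group and the role name are constructed assumptions, and non-resource URLs are not covered.

```python
import json

# (apiGroup, resource) pairs that must not be deletable through this role.
PROTECTED = {("", "namespaces"), ("project.openshift.io", "projects")}
DENIED_VERBS = {"delete", "deletecollection"}
CRUD = ["create", "delete", "get", "list", "patch", "update", "watch"]

# Constructed sample, shaped like the APIResourceList objects served by API discovery.
SAMPLE_DISCOVERY = [
    {"groupVersion": "v1", "resources": [
        {"name": "namespaces", "verbs": CRUD},
        {"name": "namespaces/finalize", "verbs": ["update"]},
        {"name": "pods", "verbs": CRUD + ["deletecollection"]},
    ]},
    {"groupVersion": "project.openshift.io/v1", "resources": [
        {"name": "projects", "verbs": CRUD},
    ]},
    {"groupVersion": "example.com/v1alpha1", "resources": [  # hypothetical operator CRD
        {"name": "widgets", "verbs": CRUD + ["deletecollection"]},
    ]},
]

def api_group(group_version):
    """'v1' -> '' (core group), 'apps/v1' -> 'apps'."""
    return group_version.rpartition("/")[0]

def build_rules(discovery):
    """One RBAC rule per (group, verb set); protected resources lose delete verbs."""
    grouped = {}
    for api_list in discovery:
        group = api_group(api_list["groupVersion"])
        for res in api_list["resources"]:
            verbs = set(res["verbs"])
            if (group, res["name"]) in PROTECTED:
                verbs -= DENIED_VERBS
            if verbs:
                key = (group, tuple(sorted(verbs)))
                grouped.setdefault(key, set()).add(res["name"])
    return [{"apiGroups": [g], "resources": sorted(names), "verbs": list(v)}
            for (g, v), names in sorted(grouped.items())]

def build_cluster_role(discovery, name="cluster-admin-no-project-delete"):
    return {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
            "metadata": {"name": name}, "rules": build_rules(discovery)}

if __name__ == "__main__":
    print(json.dumps(build_cluster_role(SAMPLE_DISCOVERY), indent=2))
```

In a cluster, the same input can be read from the discovery endpoints (`/api/v1` and `/apis/<group>/<version>`), with the generator rerun whenever an operator installs new resource types.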