I am looking for a best-practices regarding RBAC configuration for a
new CRD.
When an "end-user" tries to create a CR from the sample generated by
the operator SDK (1.2.0)
config/samples/<GROUP>_v1alpha1_<KIND>.yaml an RBAC
error is generated:
Error from server (Forbidden): error when creating
"config/samples/..."
The Operator SDK had generated files:
config/rbac/<KIND>_editor_role.yaml
config/rbac/<KIND>_viewer_role.yaml
but there is no Operator SDK documentation/recommendations how they
should be used. The only reference to these files is in the
Restricting
Roles and permissions section:
.. are not relevant to changing the operator’s resource
permissions
What is the recommended practice for the usage of these RBAC files?
If an operator is installed via the OLM are these RBAC files used to
permit all users to create instances of the CRD?
Thanks,
Michael