Thanks for info. Am still not clear, are you saying to provide cluster “admin” role to robot account? My robot user/account should perform below jobs on all projects in the clusters
Can u help to understand what cluster role I need to add to this robot user? So he has cluster wide limited admin access to perform above jobs. One immediate solution is to add cluster ‘admin’ but as you said we are little hesitated rather want to give exact roles roles required for his job.
Your help is highly appreciated …
From: David Eads <deads redhat com>
Date: Thursday, August 4, 2016 at 11:31 AM
To: skotaru <skotaru cisco com>
Cc: "users lists openshift redhat com" <users lists openshift redhat com>
Subject: Re: cluster-roles
I don't think I've have my robot use the `projectrequests` endpoint. Instead, I'd grant my robot the power to
Binding the robot to "admin" seems a little bit odd, but the rules for binding roles to subjects require that the the binder (robot in your case) have at least all the permissions of the roles its binding. This prevents a binder from escalating privileges by granting more power to the bindee.
On Thu, Aug 4, 2016 at 2:04 PM, Srinivas Naga Kotaru (skotaru) <skotaru cisco com> wrote: