[Strimzi] Multiple namespace AMQ

Paolo Patierno ppatiern at redhat.com
Wed Jan 30 08:08:18 UTC 2019 

Hi Daniel,

the Cluster Operator needs these rights in order to watch/create/update all
the Kubernetes/OpenShift resources for deploying and managing one or more
Kafka clusters (and Kafka Connect, Mirror Maker instances).
It also needs the rights for delegating to the other operators (User and
Topic) the rights for handling the other resources for users and topics
management.
Giving these rights using a service account and role bindings is not
possible without admin rights.
With OpenShift 3.11 and the OLM (Operators Lifecycle Manager) in place, it
should be simpler and transparent to the final user; the OLM will take care
of deploying the Cluster Operator so that admin rights aren't needed
anymore.
Finally just remember that, in order to deploy a Kafka cluster, you don't
need admin rights anymore. In that case a "Strimzi admin" role is enough
for creating the Kafka related resources (as you can read here
https://strimzi.io/docs/master/#assembly-getting-started-strimzi-admin-str).

Thanks,
Paolo.

On Tue, Jan 29, 2019 at 3:08 PM Daniel Beilin <dandaniel97 at gmail.com> wrote:

> Hello,
>
> I want to deploy AMQ streams in such a way where we have one Cluster
> operator sitting inside one project and other projects use it in order to
> deploy their clusters. But the way it seems to work is not very "as a
> service" and requires a cluster admin involvement in several places in
> order to add a new project.
>
> Firstly, you need to change the env inside the deployment of the cluster
> operator.
> Secondly, you need to use the role binding in the new project
> Thirdly, you need to re-deploy the cluster operator.
>
> These three steps require high privilege and not really accessible for
> someone who is not a cluster admin, is there a way to make this more
> accessible not to cluster admin? Or a way you don't need to do this for
> every single project?
>
> Thank you in advanced,
> Daniel
> _______________________________________________
> Strimzi mailing list
> Strimzi at redhat.com
> https://www.redhat.com/mailman/listinfo/strimzi
>


-- 

PAOLO PATIERNO

PRINCIPAL SOFTWARE ENGINEER, MESSAGING & IOT

Red Hat

<https://www.redhat.com/>
<https://red.ht/sig>
<https://redhat.com/summit>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/strimzi/attachments/20190130/6df813cd/attachment.htm>

More information about the Strimzi mailing list