Requirement
As a cluster administrator, I want to have the possibility to bind my own cluster role to the jaeger-operator Service Account, which will make it possible to narrow down the permissions and resolve any possible RBAC violations.
Problem
The lack of this option blocks us from resolving RBAC violations connected with the jaeger-operator service account. The possibility to bind our own cluster role gives a place where we can define it.
Proposal
In the Helm values, provide options under Service Account: a boolean that indicates whether a custom cluster role should be defined, and the name of that cluster role. Then, in the role binding template, add a conditional in roleRef that checks whether the custom cluster role boolean is true and, if so, changes the name of the cluster role to the one defined in the Helm values.
Open questions
Is it appropriate to have such an option, or should jaeger-operator have broad permissions to core cluster components for all namespaces?
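
A sketch of the values and the roleRef conditional the proposal describes, added here as an illustration and not taken from the issue or from the jaeger-operator chart. The key names under `serviceAccount.customClusterRole`, the role name `jaeger-operator-restricted`, the file names and the default role name are all hypothetical.

```yaml
# values.yaml (hypothetical keys illustrating the proposal)
serviceAccount:
  create: true
  name: jaeger-operator
  customClusterRole:
    enabled: true                      # false keeps the chart's default cluster role
    name: jaeger-operator-restricted   # ClusterRole created and maintained by the admin
---
# templates/role-binding.yaml (hypothetical file name; sketch of the conditional)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: {{ .Release.Name }}-jaeger-operator
subjects:
  - kind: ServiceAccount
    name: {{ .Values.serviceAccount.name }}
    namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  {{- if .Values.serviceAccount.customClusterRole.enabled }}
  # Fail the render instead of binding to an empty role name.
  name: {{ required "serviceAccount.customClusterRole.name must be set when enabled" .Values.serviceAccount.customClusterRole.name }}
  {{- else }}
  # Assumed default: the cluster role the chart itself would create.
  name: {{ .Release.Name }}-jaeger-operator
  {{- end }}
```

Kubernetes treats `roleRef` as immutable, so flipping the boolean on an already installed release means the existing binding has to be deleted and recreated rather than patched in place.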