Open TBBle opened 4 years ago
This indeed sounds odd and I believe you might be right. If you want to give it a try and don't have access to an OpenShift cluster, let me know. Otherwise, we might test it ourselves in the next couple of weeks.
As an outcome of the original question: what's the minimal set of permissions required to create a Jaeger CR? Perhaps a simple list|get|create|update
of jaegertracing.io.jaegers
would be sufficient?
That looks right to me. I haven't gotten around to testing it though.
The jaeger-operator role is quite wide-ranging, and seems entirely too wide for users who just need to CRUD a single resource (jaegertracing.io.Jaeger).
The application of the jaeger-operator role in this way was seen in the Openshift installation instructions but we're not using Openshift here. It is however the only place that talks about letting non-privileged uses (in our case, a CI builder service account) create Jaeger instances.