jaegertracing / jaeger-operator

Jaeger Operator for Kubernetes simplifies deploying and running Jaeger on Kubernetes.
https://www.jaegertracing.io/docs/latest/operator/
Apache License 2.0

Do users creating Jaeger instances really need the jaeger-operator role? #896

Open TBBle opened 4 years ago

TBBle commented 4 years ago

The jaeger-operator role is quite wide-ranging, and seems entirely too wide for users who just need to CRUD a single resource (jaegertracing.io.Jaeger).

The application of the jaeger-operator role in this way was seen in the OpenShift installation instructions, but we're not using OpenShift here. It is, however, the only place that talks about letting non-privileged users (in our case, a CI builder service account) create Jaeger instances.

jpkrohling commented 4 years ago

This indeed sounds odd and I believe you might be right. If you want to give it a try and don't have access to an OpenShift cluster, let me know. Otherwise, we might test it ourselves in the next couple of weeks.

jpkrohling commented 4 years ago

As an outcome of the original question: what's the minimal set of permissions required to create a Jaeger CR? Perhaps a simple list|get|create|update of jaegertracing.io.jaegers would be sufficient?

TBBle commented 4 years ago

That looks right to me. I haven't gotten around to testing it though.
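
The narrower grant proposed in this thread, written out as a namespaced Role and RoleBinding. This is an added example, not part of the original issue or the jaeger-operator project's manifests. The namespace `ci` and the names `jaeger-cr-editor` and `ci-builder` are hypothetical, and the verb set is the one suggested above, which the thread had not yet tested.

```yaml
# Added example. Hypothetical names: namespace "ci", Role "jaeger-cr-editor",
# ServiceAccount "ci-builder". Verbs are exactly the set proposed in the thread
# (get, list, create, update); delete and watch are deliberately not granted.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: jaeger-cr-editor
  namespace: ci
rules:
  - apiGroups: ["jaegertracing.io"]
    resources: ["jaegers"]
    verbs: ["get", "list", "create", "update"]
---
# Bind the Role to the CI service account only, in the same namespace,
# instead of binding it to the wide-ranging jaeger-operator role.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ci-builder-jaeger-cr-editor
  namespace: ci
subjects:
  - kind: ServiceAccount
    name: ci-builder
    namespace: ci
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: jaeger-cr-editor
# Check the effective permissions by impersonating the service account:
#   kubectl auth can-i create jaegers.jaegertracing.io -n ci \
#     --as=system:serviceaccount:ci:ci-builder
# Confirm nothing broader leaked in (expected "no" if this is the only binding):
#   kubectl auth can-i create deployments -n ci \
#     --as=system:serviceaccount:ci:ci-builder
```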