Closed toschneck closed 2 months ago
/label customer-request
I've brought this up as a bug with Kubermatic almost 1.5 years ago, but unfortunately the result of internal discussions communicated to me was "KKP Admins should be only allowed for displaying all resources and interactions like editing/creating/removing should not be possible". They acknowledged that this isn't currently true either, as KKP admins can take several CRUD actions in projects. Thus this was created: https://github.com/kubermatic/docs/issues/1362
I still disagree with that view, thus I would very much like to see this issue here adressed instead.
But the problem is more complicated, here's another example:
In general, the KKP admin privileges on the dashboard feel random and often wrong.
/label sig/cluster-management /label sig/api /label sig/ui
/kind feature
/remove-label sig/cluster-management
/assign @ahmadhamzh
/transfer-issue dashboard
What happened?
As KKP Admin, I would like to controll every setting of any user cluster, even if I'm not Part of the project. Currently I can't add a new RBAC Binding, when my account doesn't belong to the Project, even if I'm KKP super admin:
If try to workaround and add my-self to the project as admin, I can't do it, as this is not allowed (what is not correct in my opinion)
Expected behavior
As KKP Admin I should have full rights on the platform and allowed to do:
How to reproduce the issue?
Login as KKP Admin, choose an Project where you are not Member of it and try
How is your environment configured?
2.25.6
Provide your KKP manifest here (if applicable)
See https://github.com/kubermatic/demo-infra/tree/main/kubermatic
What cloud provider are you running on?
doesn't matter
What operating system are you running in your user cluster?
doesn't matter
Additional information