Verify/Trigger Operator Installation Rights for kruize-admins

[schwesig]

Ensure the kruize-admins user group has the permissions to install operators.

Questions:

• Is this process managed exclusively via GitOps?
• If so, can it also be made available manually (via the console)?

Related Issues and Pull Request:

• https://github.com/nerc-project/operations/issues/624
• https://github.com/nerc-project/operations/issues/645
• https://github.com/OCP-on-NERC/nerc-ocp-config/pull/471

Assigned: @tssala23 ? or change it, if I am wrong

[schwesig]

/CC @larsks @tssala23 @dystewart

[tssala23]

Kruize Admins group has the same access to the cluster as we (nerc folks) do, we didn't create a new role just a new role binding (Kruize admins and nerc ops are both bound to the same role). There are some commands that they will not be able to do by default, but it they add the --as system:admin, flag to the command they'll be able to run it.

The cluster isn't currently setup with argoCD, so even though I've been making pull requests to change the manifests in the config repo, I've actually been applying them myself. Even once/if it has argoCD managing it my understanding is they can still install operators manually, they just can't make changes to anything that is managed by argoCD i.e. they couldn't remove an operator if argoCD is managing it unless the change the manifests on github.

[schwesig]

As requested and approved with me, operator-install rights are applied for the web console. thanks @tssala23

closing this issue, and creating a new one for the details about using/not using ArgoCD/GitOps