Request for Comprehensive Kubernetes Permissions to Execute 'oc adm must-gather' Command in OpenShift Pod

[Lolelinus13]

Hello,

I am currently working on setting up the oc adm must-gather command to run within a pod in our OpenShift environment. To ensure that the ServiceAccount used by the pod has all the necessary permissions to execute the command successfully, I need a comprehensive list of the required Kubernetes permissions.

Could you please provide a detailed list of all the necessary Kubernetes permissions that are needed to run the oc adm must-gather command? This information will greatly help in configuring the appropriate Role or ClusterRole for the ServiceAccount.

Thank you for your assistance!

Best regards, Lolelinus

[sferich888]

I don't think you need a compressive list of permissions (plus that isn't how RBAC works). When must-gather is run, a new namespace is created and that namespace's default service account is given 'cluster-admin' permissions.

That happens here. In short; any pod created in the the namespace (as part of the must-gather scripts/execution) all run with this elevated set of permissions.

[sferich888]

/close

I am going to close this as answered; if you have further questions let me know and I will try and answer them the best I can.

[openshift-ci[bot]]

@sferich888: Closing this issue.

In response to [this](https://github.com/openshift/must-gather/issues/438#issuecomment-2296794405): >/close > >I am going to close this as answered; if you have further questions let me know and I will try and answer them the best I can. Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.