Install the elasticSearch Operator with the following command: kubectl create -f https://operatorhub.io/install/elastic-cloud-eck.yaml
View the available clusterRoles
$ k get clusterroles
...
# ClusterRoles generated for the `operators/global-operators operatorGroup`.
global-operators-admin 2021-11-05T21:34:28Z
global-operators-edit 2021-11-05T21:34:28Z
global-operators-view 2021-11-05T21:34:28Z
...
# Some of the ClusterRoles generated for the packagemanifest CRD introduced by the elasticSearch operator
apmservers.apm.k8s.elastic.co-v1-admin 2021-11-05T21:50:54Z
apmservers.apm.k8s.elastic.co-v1-crdview 2021-11-05T21:50:54Z
apmservers.apm.k8s.elastic.co-v1-edit 2021-11-05T21:50:54Z
apmservers.apm.k8s.elastic.co-v1-view 2021-11-05T21:50:54Z
...
Mutiple labels are generated in the operatorGroup's clusterRole
k get clusterroles global-operators-edit -o yaml
aggregationRule:
clusterRoleSelectors:
- matchLabels:
olm.opgroup.permissions/aggregate-to-91302e3d8ef46fe2-edit: "true"
...
...
...
$ k get clusterRoles -l olm.opgroup.permissions/aggregate-to-91302e3d8ef46fe2-edit=true
NAME CREATED AT
apmservers.apm.k8s.elastic.co-v1-edit 2021-11-05T21:50:54Z
**Proposed Fix:**
Documentation should be updated to reflect that OLM now generates a label selector for each provided api in the operatorGroup.
The OperatorGroup RBAC Documentation is dated as of this commit.
Steps to reproduce:
kubectl create -f https://operatorhub.io/install/elastic-cloud-eck.yaml$ k get clusterRoles -l olm.opgroup.permissions/aggregate-to-91302e3d8ef46fe2-edit=true NAME CREATED AT apmservers.apm.k8s.elastic.co-v1-edit 2021-11-05T21:50:54Z