MCAD perform CRUD permissions on an unbounded set of resources when processing AppWrappers.
At the moment, users have to create ClusterRoles and bind them to the MCAD ServiceAccount.
Conventionally, operators / controllers leverage aggregated ClusterRoles to meet that need, which prevents the users from having to create ClusterRoleBinding resources.
WHY
MCAD perform CRUD permissions on an unbounded set of resources when processing AppWrappers.
At the moment, users have to create ClusterRoles and bind them to the MCAD ServiceAccount.
Conventionally, operators / controllers leverage aggregated ClusterRoles to meet that need, which prevents the users from having to create ClusterRoleBinding resources.
See https://kubernetes.io/docs/reference/access-authn-authz/rbac/#aggregated-clusterroles
WHAT
Create an aggregated ClusterRole, bound to MCAD ServiceAccount.
Document how to aggregate Roles, e.g. for KubeRay resources.