Non-admin user documentation guide

[rafaelvzago]

Sugestion

• The cluster-admin needs to give access to each user to the project namespace using a Sevice Account since the USER entity is an Openshift feature.

[pwright]

So, we need something like:

To create service accounts that allow you create sites, you must give those accounts permissions as described in the example below, which creates the skupper-sa service account for the west namespace:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: skupper-sa
  namespace: west

---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: skupper-sa-full-access
  namespace: west
rules:
- apiGroups: ["", "apps", "extensions", "rbac.authorization.k8s.io",]
  resources: ["*"]
  verbs: ["*"]

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: skupper-sa-view
  namespace: west
subjects:
- kind: ServiceAccount
  name: skupper-sa
  namespace: west
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: skupper-sa-full-access