kube:admin user

stakater · Dec 5, 2023 · 8f4fe2e · 8f4fe2e
1 parent 8061c54
commit 8f4fe2e
Show file tree

Hide file tree

Showing 11 changed files with 26 additions and 23 deletions.
diff --git a/content/changelog.md b/content/changelog.md
@@ -28,7 +28,7 @@
 
 - Started to support Kubernetes along with OpenShift as platform type.
 - Support of MTO's PostgreSQL instance as persistent storage for keycloak.
-- Added `kube:admin` as default cluster admin within MTO.
+- `kube:admin` is now bypassed by default to perform operations, earlier `kube:admin` needed to be mentioned in respective tenants to give it access over namespaces.
 
 ## v0.9.x
 

diff --git a/content/how-to-guides/integration-config.md b/content/how-to-guides/integration-config.md
@@ -7,7 +7,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   tenantRoles:
     default:

diff --git a/content/integration-config.md b/content/integration-config.md
@@ -7,7 +7,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   tenantRoles:
     default:
@@ -253,6 +253,9 @@ users:
 
 `clusterAdminGroups:` Contains names of the groups that are allowed to perform CRUD operations on namespaces present on the cluster. Users in the specified group(s) will be able to perform these operations without MTO getting in their way
 
+!!! note
+    User `kube:admin` is bypassed by default to perform operations as a cluster admin, this includes operations on all of the namespaces.
+
 ### Privileged Namespaces
 
 `privilegedNamespaces:` Contains the list of `namespaces` ignored by MTO. MTO will not manage the `namespaces` in this list. Values in this list are regex patterns.

diff --git a/content/reference-guides/configuring-multitenant-network-isolation.md b/content/reference-guides/configuring-multitenant-network-isolation.md
@@ -55,7 +55,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   openshift:
     project:

diff --git a/content/reference-guides/custom-roles.md b/content/reference-guides/custom-roles.md
@@ -9,7 +9,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   tenantRoles:
     default:
@@ -35,7 +35,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   tenantRoles:
     default:

diff --git a/content/reference-guides/integrationconfig.md b/content/reference-guides/integrationconfig.md
@@ -18,7 +18,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   openshift:
     privilegedNamespaces:
@@ -44,7 +44,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   openshift:
     privilegedServiceAccounts:
@@ -62,7 +62,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   openshift:
     privilegedServiceAccounts:
@@ -85,7 +85,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   vault:
     enabled: true

diff --git a/content/tutorials/argocd/enabling-multi-tenancy-argocd.md b/content/tutorials/argocd/enabling-multi-tenancy-argocd.md
@@ -31,7 +31,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   ...
   argocd:
@@ -138,7 +138,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   ...
   argocd:
@@ -178,7 +178,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   ...
   argocd:

diff --git a/content/usecases/argocd.md b/content/usecases/argocd.md
@@ -9,7 +9,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   ...
   argocd:
@@ -116,7 +116,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   ...
   argocd:
@@ -156,7 +156,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   ...
   argocd:

diff --git a/content/usecases/configuring-multitenant-network-isolation.md b/content/usecases/configuring-multitenant-network-isolation.md
@@ -55,7 +55,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   openshift:
     project:

diff --git a/content/usecases/custom-roles.md b/content/usecases/custom-roles.md
@@ -9,7 +9,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   tenantRoles:
     default:
@@ -35,7 +35,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   tenantRoles:
     default:

diff --git a/content/usecases/integrationconfig.md b/content/usecases/integrationconfig.md
@@ -18,7 +18,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   openshift:
     privilegedNamespaces:
@@ -44,7 +44,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   openshift:
     privilegedServiceAccounts:
@@ -62,7 +62,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   openshift:
     privilegedServiceAccounts:
@@ -85,7 +85,7 @@ apiVersion: tenantoperator.stakater.com/v1alpha1
 kind: IntegrationConfig
 metadata:
   name: tenant-operator-config
-  namespace: stakater-tenant-operator
+  namespace: multi-tenant-operator
 spec:
   vault:
     enabled: true