Bypassing kubeadmin user #74
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
content/integration-config.md
Outdated
| @@ -253,6 +253,9 @@ users: | |||
|
|
|||
| `clusterAdminGroups:` Contains names of the groups that are allowed to perform CRUD operations on namespaces present on the cluster. Users in the specified group(s) will be able to perform these operations without MTO getting in their way | |||
|
|
|||
| !!! note | |||
| User `kube:admin` is bypassed by default to perform operations as a cluster admin, this includes operations on all of the namespaces. | |||
There was a problem hiding this comment.
[LanguageTool] reported by reviewdog 🐶
Consider using “all the”. (ALL_OF_THE[1])
Suggestions: all the
URL: https://languagetool.org/insights/post/wordiness/
Rule: https://community.languagetool.org/rule/show/ALL_OF_THE?lang=en-US&subId=1
Category: REDUNDANCY
content/faq.md
Outdated
|
|
||
| **Answer.** Tenant members will not be able to use `kubectl apply` because `apply` first gets all the instances of that resource, in this case namespaces, and then does the required operation on the selected resource. To maintain tenancy, tenant members do not the access to get or list all the namespaces. | ||
|
|
||
| The fix is create namespaces with `kubectl create` instead. |
There was a problem hiding this comment.
[LanguageTool] reported by reviewdog 🐶
Consider using either the past participle “created” or the present participle “creating” here. (BEEN_PART_AGREEMENT[9])
Suggestions: created, creating
Rule: https://community.languagetool.org/rule/show/BEEN_PART_AGREEMENT?lang=en-US&subId=9
Category: GRAMMAR
|
@stakater-user Image is available for testing. |
No description provided.