Replies: 2 comments 1 reply
-
|
Hi everyone, just following up on this question. Thanks in advance! |
Beta Was this translation helpful? Give feedback.
-
|
Hi, following up to check if there have been any updates on this, as it's also relevant to me. |
Beta Was this translation helpful? Give feedback.
-
|
Hi @Robles234 and @rebecagarciacoca , you can try adding |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi everyone,
We are facing an issue with an Open Data Hub (ODH) installation on an OpenShift cluster.
It seems that the kueue component (apparently used to manage background jobs) is automatically creating a ClusterRole named kueue-batch-user-role, granting create permissions on jobs.batch, and a ClusterRoleBinding named kueue-batch-user-rolebinding, which binds this role to the system:authenticated group (i.e., all authenticated users).
Initially, we tried to edit the ClusterRoleBinding to bind it to a more restricted group, such as odh-admins, instead of system:authenticated, in order to improve security. However, the operator immediately reconciles and recreates the ClusterRoleBinding with the original configuration.
We noticed that the resources have annotations and/or labels indicating they are managed by the ODH operator.
Our question is:
What would be the recommended way to restrict the kueue-batch-user-rolebinding to a more specific group (like odh-admins) without the operator reverting the change?
Is there a configuration option in ODH or in the kueue setup to customize the group used for the binding, or to disable the automatic management of this specific ClusterRoleBinding?
We want to ensure that we do not compromise the functionality of ODH while tightening access control.
Thanks in advance for any help or guidance!
Beta Was this translation helpful? Give feedback.
All reactions