Improve README spell out RBAC requirements #70
Labels
documentation
Improvements or additions to documentation
Comments
|
Hello, any plans on documenting RBAC? Thank you |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have not spelled out the specific RBAC requirements because of the assumption that the tool will always be run by admins. But that is certainly something we can improve in the README file for the diagnostic tool to enable restricted users to run it.
The user running the tool needs read access to all the resources listed here https://github.com/elastic/eck-diagnostics#information-collected-by-eck-diagnostics
The user also needs to be able to collect logs from all the Pods running Elastic Stack applications in the workload namespaces as well as all logs from all Pods in the namespace the operator runs in (typically
elastic-system). This meansget/listpermissions on thepods/logssub-resource.If the user wants to extract stack diagnostics as well then additional permissions are needed to deploy and delete Pods into the workload namespaces and to
execinto those Pods (pods/execsub-resource) .The text was updated successfully, but these errors were encountered: