- Suggestion
- Resolution: Fixed
Currently, DC apps that use the Hazelcast K8s plugin for clustering need a ClusterRole and a ClusterRoleBinding to allow the client to talk to the K8s API. Often, admins do not have cluster-wide permissions, which makes deployment of a Data Center app with clustering enabled impossible.
It turns out that the K8s client does not need to get and list nodes (that's really the only reason to create a ClusterRole). The official Hazelcast Helm chart makes this configurable: one can create a namespaced Role instead of a ClusterRole - https://github.com/hazelcast/charts/pull/277
It would be great to add such an option to https://github.com/atlassian/data-center-helm-charts, as this will make chart deployment easier and no unnecessary privileges are requested. The only use case where the K8s client may need to list nodes is https://github.com/hazelcast/hazelcast-kubernetes#zone-aware
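
The change requested above, sketched as an added example (not taken from the Atlassian or Hazelcast charts): the cluster-scoped grant next to a namespaced Role and RoleBinding. The object names, the `dc-apps` namespace, the `dc-app` service account and the exact resource list are assumptions for illustration.

```yaml
# Before: cluster-scoped grant. Creating it requires cluster-wide permissions,
# and the service account can read these resources in every namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: hazelcast-discovery          # placeholder name
rules:
  - apiGroups: [""]
    # Resource list is assumed; "nodes" is the only cluster-scoped entry.
    resources: ["endpoints", "pods", "services", "nodes"]
    verbs: ["get", "list"]
---
# After: namespaced Role. "nodes" is dropped because nodes are cluster-scoped
# and cannot be granted through a Role; without zone-aware discovery the
# client does not need them.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: hazelcast-discovery          # placeholder name
  namespace: dc-apps                 # placeholder namespace
rules:
  - apiGroups: [""]
    resources: ["endpoints", "pods", "services"]
    verbs: ["get", "list"]
---
# Bind the Role to the service account the pods run as, in the same namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: hazelcast-discovery
  namespace: dc-apps
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: hazelcast-discovery
subjects:
  - kind: ServiceAccount
    name: dc-app                     # placeholder service account
    namespace: dc-apps
```

With the namespaced variant applied, `kubectl auth can-i list nodes --as=system:serviceaccount:dc-apps:dc-app` should answer `no`, while `kubectl auth can-i list pods -n dc-apps --as=system:serviceaccount:dc-apps:dc-app` should answer `yes`.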