Permissions to install Che on Kubernetes using CLI
A specific set of permissions is required to install Che on an Kubernetes cluster using the chectl CLI tool.
The following YAML shows the minimal set of permissions required to install Che on an Kubernetes cluster using chectl:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: che-install-chectl
rules:
- apiGroups: ["org.eclipse.che"]
resources: ["checlusters"]
verbs: ["*"]
- apiGroups: ["project.openshift.io"]
resources: ["projects"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list", "create"]
- apiGroups: [""]
resources: ["pods", "configmaps"]
verbs: ["get", "list"]
- apiGroups: ["route.openshift.io"]
resources: ["routes"]
verbs: ["get", "list"]
# OLM resources permissions
- apiGroups: ["operators.coreos.com"]
resources: ["catalogsources", "subscriptions"]
verbs: ["create", "get", "list", "watch"]
- apiGroups: ["operators.coreos.com"]
resources: ["operatorgroups", "clusterserviceversions"]
verbs: ["get", "list", "watch"]
- apiGroups: ["operators.coreos.com"]
resources: ["installplans"]
verbs: ["patch", "get", "list", "watch"]
- apiGroups: ["packages.operators.coreos.com"]
resources: ["packagemanifests"]
verbs: ["get", "list"]Additional resources