Can LimitRange be created and deleted by local admin
Issue
-
The 'admin' cluster role has 'get list watch' permissions to limitranges, however I think users who have been granted the 'admin' role inside a namespace should also have modification rights (create, delete, update, patch) to limitranges. Limitranges are the mechanism used by a local admin to set default pod and container resource constraints, and to my knowledge only apply to a namespace.
-
It makes sense that resourcequotas remain a cluster-admin task only, because they limit the total number of resources a namespace can use. However a local admin should have the ability to set pod and container limits inside their own namespace. If this is not possible or desired, then I would like to see a new mechanism to set default allocations (e.g. 512Mi memory) per pod.
Environment
- Openshift Container Platform
- 3.4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.