Can LimitRange be created and deleted by local admin

Solution In Progress - Updated -

Issue

  • The 'admin' cluster role has 'get list watch' permissions to limitranges, however I think users who have been granted the 'admin' role inside a namespace should also have modification rights (create, delete, update, patch) to limitranges. Limitranges are the mechanism used by a local admin to set default pod and container resource constraints, and to my knowledge only apply to a namespace.

  • It makes sense that resourcequotas remain a cluster-admin task only, because they limit the total number of resources a namespace can use. However a local admin should have the ability to set pod and container limits inside their own namespace. If this is not possible or desired, then I would like to see a new mechanism to set default allocations (e.g. 512Mi memory) per pod.

Environment

  • Openshift Container Platform
    • 3.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content