Kueue should provide RBAC permissions for cohorts OOTB #5275
Assignees
Labels
kind/bug
Categorizes issue or PR as related to a bug.
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
What happened:
I noticed that Kueue does not provide RBAC permissions for Cohort API to update & read by admis.
What you expected to happen:
Kueue provides the RBAC natively as for other cluster-scoped resources (ClusterQueue, ResourceFlavor, Topology).
How to reproduce it (as minimally and precisely as possible):
Execute a request authenticated as a Kueue batch admin.
Anything else we need to know?:
It is not a critical bugs - administrators can easily provide the necessary RBAC, but I think we should strive for consistency, following the principle of least surprise.
See for comparison RBAC for ResourceFlavor:
https://github.com/kubernetes-sigs/kueue/blob/main/config/components/rbac/resourceflavor_editor_role.yaml
https://github.com/kubernetes-sigs/kueue/blob/main/config/components/rbac/resourceflavor_viewer_role.yaml
The text was updated successfully, but these errors were encountered: