The page https://validatedpatterns.io/patterns/multicloud-gitops/mcg-getting-started/ says
To deploy the cluster by using the pattern.sh file, complete the following steps:
Login to your cluster by running the following command:
oc login
Yet when I do that with a regular user and then run ./pattern.sh make install, I get
$ ./pattern.sh make install
make -f common/Makefile operator-deploy
make[1]: Entering directory '/home/test/validatedpatterns/multicloud-gitops'
Checking prerequisites:
Check for 'git helm oc ansible': OK
Check for python-kubernetes: OK
Check for kubernetes.core collection: OK
Checking repository:
https://github.com/validatedpatterns/multicloud-gitops - branch main: Running inside a container: Skipping git ssh checks
Checking cluster:
cluster-info: Error from server (Forbidden): services is forbidden: User "user" cannot list resource "services" in API group "" in the namespace "kube-system"
Error
make[1]: *** [common/Makefile:97: validate-cluster] Error 1
make[1]: Leaving directory '/home/test/validatedpatterns/multicloud-gitops'
make: *** [Makefile:12: operator-deploy] Error 2
Clearly the user used to log in to the OCP cluster has to have some extra roles / privileges, potentially cloud-admin, but the documentation does not state which they are.
For security reasons, all accounts used should be assumed to have minimal roles / privileges. So if some extra ones are needed for some of the steps in Validated Patterns, they should be clearly stated.
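An added example, not part of the original issue or of the Validated Patterns project: this Python code parses RBAC denials like the one in the output above and renders the matching `oc auth can-i` check, so the permissions an install step is missing can be listed explicitly. The function names and the second sample line (a cluster-scope denial) are constructed for illustration.

```python
import re

# Shape of the API server's RBAC denial, as in the `cluster-info` error above.
FORBIDDEN = re.compile(
    r'User "(?P<user>[^"]+)" cannot (?P<verb>\S+) resource "(?P<resource>[^"]+)" '
    r'in API group "(?P<group>[^"]*)"'
    r'(?: in the namespace "(?P<namespace>[^"]+)"| at the cluster scope)'
)

# First line is the denial from the issue; the second is constructed sample input.
SAMPLE = '''\
cluster-info: Error from server (Forbidden): services is forbidden: User "user" cannot list resource "services" in API group "" in the namespace "kube-system"
Error from server (Forbidden): subscriptions.operators.coreos.com is forbidden: User "user" cannot list resource "subscriptions" in API group "operators.coreos.com" at the cluster scope
'''


def missing_permissions(log_text):
    """Return distinct (user, verb, resource, group, namespace) denials in order.

    namespace is None when the denial was at the cluster scope.
    """
    seen = []
    for m in FORBIDDEN.finditer(log_text):
        perm = (m["user"], m["verb"], m["resource"], m["group"], m["namespace"])
        if perm not in seen:
            seen.append(perm)
    return seen


def can_i_command(perm):
    """Render the `oc auth can-i` self-check for one parsed denial."""
    _user, verb, resource, group, namespace = perm
    # A denial on e.g. "pods/log" names a subresource; can-i takes it as a flag.
    resource, _, subresource = resource.partition("/")
    target = f"{resource}.{group}" if group else resource
    cmd = ["oc", "auth", "can-i", verb, target]
    if subresource:
        cmd.append(f"--subresource={subresource}")
    cmd += ["-n", namespace] if namespace else ["--all-namespaces"]
    return " ".join(cmd)


if __name__ == "__main__":
    for perm in missing_permissions(SAMPLE):
        print(can_i_command(perm))
```

Running each printed command as the logged-in account answers `yes` or `no` for that exact verb, resource and scope.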