Grant minimal RBAC permissions to KOTS

You can opt to grant minimal Role-Based Access Control (RBAC) permissions to KOTS if you do not want it to have access to all resources in the namespaces on a Bring-Your-Own (BYO) cluster installation. To enable minimal RBAC, a cluster role as well as cluster role binding are needed so that KOTS can conduct preflight checks and deploy Obcerv.

  1. Download this YAML file to apply the required RBAC manifests for the installation.

  2. Apply the YAML file before installing KOTS (recommended). While the admin console will initially issue a warning, it can be safely ignored and the preflight check will still continue.

    However, if you have already installed KOTS, you can still apply the YAML file. The KOTS admin console may indicate that some checks failed due to insufficient permissions. In this case, you can manually apply the YAML file using kubectl and then rerun the preflight check from the command line.

    First, download and run the preflight check script:

    %> curl https://krew.sh/preflight | bash

    Then run the preflight check for Obcerv installation:

    %> kubectl preflight secret/itrs/kotsadm-obcerv-bobcat-preflight

    Following command execution, the KOTS admin console will display the updated preflight check results, enabling you to reinitiate the installation process.

  3. Once the YAML has been applied, install KOTS with the additional --use-minimal-rbac flag.

["Obcerv"] ["User Guide", "Technical Reference"]

Was this topic helpful?