Currently we are deploying ArcGIS Enterprise on Kubernetes on our own dedicated OpenShift. Out of security concerns as well as polcies embedded in our orgaization we are not allowed to create user, service accounts and create role bindings.
Therefore a deployment was only possible by changing deployment scripts provided by Esri:
- change all Service Account names to a singe service account name already provided in our namespace / project in Openshift
- remove all parts where role bindings were altered or added (so-called RBAC related YAMLS)
Furthermore we needed to change the deployed stateful sets to use the pre-defined service accounts
I would like to suggest a switch in the config to either use the esri-defined role model or define a central pre-defined service account that has all the rights needed.
