This repository has been archived by the owner on Mar 23, 2020. It is now read-only.

[OCS] Should not add cluster-admin role to ocs-operator and local-storage-operator users #154

Open
kshlm opened this issue Sep 19, 2019 · 2 comments

kshlm commented Sep 19, 2019

In the deploy-ocs.sh script, the cluster-admin role is being added to the ocs-operator and local-storage-operator serviceaccounts. We should not be doing this.

All the permissions needed by the ocs-operator are being defined by the ocs-operator CSV. If we need something extra for KNI, we need to add it to the ocs CSV.

We currently do need the role addition for local-storage-operator. The local-storage-operator gets deployed by the OLM as a dependency of the ocs-operator. This causes it to be installed into the openshift-storage namespace, when it expects to be installed in the local-storage namespace. This seems to be causing issues with the permissions it has, and is currently being worked around by giving cluster-admin privileges. We should be working with the local-storage-operator devs and figuring out what exactly is missing when it is installed this way.

Alternatively, we could also install the local-storage-operator into the local-storage namespace separately from the deploy-ocs script. The local-storage operator provides its own deployment manifest to do this. We'll need to change the ocs deployment manifest to not deploy local-storage-operator.
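
An audit check for the condition this issue describes, added here as an example (it is not part of the original post or of the repository's code): it reads the JSON produced by `oc get clusterrolebindings -o json` and lists every service account bound to cluster-admin. The binding names in the sample and the function names are made up for illustration; the service account and namespace names are the ones named in the issue.

```python
import json

# Constructed sample in the shape of `oc get clusterrolebindings -o json`.
# Binding names are hypothetical; service accounts/namespace come from the issue.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admin-0"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "ocs-operator",
                   "namespace": "openshift-storage"}]},
    {"metadata": {"name": "cluster-admin-1"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User",
                   "name": "system:serviceaccount:openshift-storage:local-storage-operator"}]},
    {"metadata": {"name": "cluster-admins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"metadata": {"name": "orphaned"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},  # no subjects key
]})

def service_account_of(subject):
    """Return (namespace, name) if the subject denotes service account(s), else None."""
    kind, name = subject.get("kind"), subject.get("name", "")
    if kind == "ServiceAccount":
        return subject.get("namespace", ""), name
    parts = name.split(":")
    if kind == "User" and parts[:2] == ["system", "serviceaccount"] and len(parts) == 4:
        return parts[2], parts[3]  # service account referenced by its user name
    if kind == "Group" and parts[:2] == ["system", "serviceaccounts"] and len(parts) == 3:
        return parts[2], "*"  # every service account in that namespace
    return None

def cluster_admin_service_accounts(bindings_json, role="cluster-admin"):
    """List (binding, namespace, serviceaccount) triples bound to `role` cluster-wide."""
    findings = []
    for item in json.loads(bindings_json).get("items", []):
        ref = item.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subject in item.get("subjects") or []:
            sa = service_account_of(subject)
            if sa:
                findings.append((item["metadata"]["name"], *sa))
    return sorted(findings)

if __name__ == "__main__":
    for binding, ns, sa in cluster_admin_service_accounts(SAMPLE):
        print(f"{binding}: system:serviceaccount:{ns}:{sa} has cluster-admin")
```

Running it against a live cluster's output after a deployment shows whether the workaround bindings are still present once the operator permissions are fixed.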

mykaul commented Sep 19, 2019

@kshlm - thanks for opening this. Is there an issue already open for the local-storage-operator?

kshlm commented Sep 19, 2019

Nope. I would open one, but I don't know of the actual issues being hit. I've only heard of these issues from people who faced them trying to use the local-storage-operator, but I've not tried local-storage-operator yet.

It would be helpful if someone who's hit the issues can provide more info.
