Section Number and Name:
Cluster Administration/Managing Role-based Access Control (RBAC)/Granting Users Daemonset Permissions
Describe the issue:
The cluster role example is missing the verb 'patch'. Without patch, the user will not be able to successfully do 'oc edit daemonset' which presumably is the intended way of editing the daemonsets.
Suggestions for improvement:
oc create clusterrole daemonset-admin --verb=create,delete,get,list,update,watch --resource=daemonsets.extensions
oc create clusterrole daemonset-admin --verb=create,delete,get,list,update,watch,patch --resource=daemonsets.extensions
Also, it would be nice if this section contained a third step that showed the full oc edit daemonset command. Eg:
oc edit daemonset <daemonset_name>
This section was removed from 3.9, so it applies to only 3.7.
David and I had a chat over email, and I understand the request for `oc edit daemonset <daemonset_name>`.
@Chuan Yu, I have a few questions.
1) Do you think that it's appropriate to add `oc edit daemonset <daemonset_name>` to https://docs.openshift.com/container-platform/3.7/dev_guide/daemonsets.html? That topic makes it sound like you'd need to edit the daemonset, delete the existing pods/nodes, and make new ones to apply the change.
2) Does the change on this PR look good to you: https://github.com/openshift/openshift-docs/pull/9701
1) Yes, add and patch should be same operation to the resource, leave the patch here is OK.
2) The changes LGTM.
Thank you very much! I merged the change and am waiting for it to go live.
This change is live on docs.openshift: https://docs.openshift.com/container-platform/3.7/admin_guide/manage_rbac.html#admin-guide-granting-users-daemonset-permissions
And on the portal: https://access.redhat.com/documentation/en-us/openshift_container_platform/3.7/html-single/cluster_administration/#admin-guide-granting-users-daemonset-permissions