Skip to Main Content
IBM Sustainability Software - Ideas Portal


This portal is to open public enhancement requests against the products and services belonging to IBM Sustainability Software. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Future consideration
Created by Guest
Created on Aug 20, 2024

The installation procedure should be split into tasks which have to be executed by cluster admin and those that can be executed by namespace admins

Major OEMs will have their own cloud solutions/Open Shift platforms. Open Shift cluster will be managed by their infrastructure/engineering team. Application team may not/will not have cluster admin access to the Open Shift cluster, since there will be multiple applications/instances might be running under the same Open Shift cluster. Providing cluster admin access to the Open shift cluster creates risk of tampering other applications running under the same cluster. Hence, the pre-requisite of having cluster admin access as part of Ansible Playbook installation may not be a viable option. So, the installation procedure should be split into tasks which has to be executed by cluster admin and those that can be executed by namespace admins. Segregation of duties and access restrictions are key internal controls of every organization.

Idea priority Medium
Needed By Quarter
  • Admin
    Lisa Stuckless
    Reply
    |
    Aug 21, 2024

    The background for why it works this way today is that the focus has been on less experienced OpenShift users who are more concerned with get OpenShift out of our way/minimize the time I spend thinking about OpenShift. This year we are transitioning to focus on the growing number of customer with existing OpenShift policies, processes, etc, and working out how we make a MAS install that we deliver able to not just be simple enough for an OpenShift novice, but also has sufficient flexibility to cater to more advanced users who have scenarios like what you describe with different personas needing to perform different parts of the MAS install. In these cases we accept that we must support a way to allow multi-phase, multi-persona driven installations, and the feedback and input from Ford and other customers is being used to try to build a solution that would be flexible enough to support a wide range of different views on where the boundaries between personas exists.

    At present there is no ETA on delivering anything in this area, but it's something we are researching and investigating, and understand that the simple model of "just be cluster admin" is not suitable for all customers. What we are looking to do in the medium term is provide clear documentation about the roles that are needed to use the MAS CLI, and run our install, update, upgrade, uninstall pipelines etc, as this is something that has been directly requested and obviously will form a key part of delivering a future role-aware automation engine.