Use dedicated rolebinding to store owner
The following discussion from !4 (merged) should be addressed:
-
@alossent started a discussion: Site owner may add other admins to the default
adminrolebinding (e.g. by giving other users theadminrole in the web console). So we cannot just replace theadminrolebinding on owner change, this will remove all other admins as well. I think the logic in current openshift-site-manager code is to remove the previous owner and add the new owner.A better solution could be to use another, dedicated rolebinding resource to store the owner and give it the
adminrole, which we clearly mark as being managed by us (set an appropriatedescriptionannotation). Then it's OK to overwrite any user changes. Mayberolebinding/paas-site-owner?This means we leave the default
adminrolebinding untouched. (I think it's created automatically)