Cluster-level permissions FAQs#
Cluster-level permissions FAQs
Why do you need cluster-level permissions?
A third party Kubernetes library called Argo is used to dynamically manage plug-ins or integration pods that HCL™ Accelerate uses to link with external tools. For running integrations on HCL™ Accelerate, a pod is provisioned dynamically at runtime for each execution. Plug-ins are programming language independent and securely isolated while accessing resources on the pod without interfering with any core services.
What service creates pods dynamically and how is it accomplished?
What resources are added to the HCL™ Accelerate installation to support integration executions?
Resources are detailed in the following table.
Resource Name Description
This workflow control tracks the call of a plug-in execution.
Provisions pods for plug-in execution
Informs calling workflows of provisioned pod status
Cluster scoped templates defining instructions for running workflows
Namespace scoped templates defining instructions for running workflows
New service account used by both the workflow controller and the HCL™ Accelerate
reporting-consumermicro-service to interact with specific resources scoped to the namespace.
Special role to retrieve, create and delete pods, execute pods, and generate pod logs consisting of workflow CRDs bound to the Argo
The binding for the
Configuration for the Argo
Deployment for the main Argo
How long are cluster-level permissions required?
The time required for a successful installation of HCL™ Accelerate. Also, temporary cluster-level permissions may be required in specific upgrade scenarios. Contact either your Kubernetes or OpenShift administrator beforehand to ensure an efficient installation or upgrade process.
Parent topic: Installing on Kubernetes
Parent topic: Installing as an OpenShift application