Cluster-level permissions FAQs#

Cluster-level permissions FAQs

Why do you need cluster-level permissions?

A third party Kubernetes library called Argo is used to dynamically manage plug-ins or integration pods that HCL™ Accelerate uses to link with external tools. For running integrations on HCL™ Accelerate, a pod is provisioned dynamically at runtime for each execution. Plug-ins are programming language independent and securely isolated while accessing resources on the pod without interfering with any core services.
What service creates pods dynamically and how is it accomplished?

The Argo workflow-controller creates pods dynamically when it detects the creation of a workflow that is a Custom resource definition (CRD).

What resources are added to the HCL™ Accelerate installation to support integration executions?

Resources are detailed in the following table.

Resource	Name	Description
`CustomResourceDefinition`	`cronworkflows.argoproj.io`	This workflow control tracks the call of a plug-in execution.
`CustomResourceDefinition`	`workflows.argoproj.io`	Provisions pods for plug-in execution
`CustomResourceDefinition`	`workfloweventbindings.argoproj.io`	Informs calling workflows of provisioned pod status
`CustomResourceDefinition`	`clusterworkflowtemplates.argoproj.io`	Cluster scoped templates defining instructions for running workflows
`CustomResourceDefinition`	`workflowtemplates.argoproj.io`	Namespace scoped templates defining instructions for running workflows
`ServiceAccount`	`argo`	New service account used by both the workflow controller and the HCL™ Accelerate `reporting-consumer` micro-service to interact with specific resources scoped to the namespace.
`Role`	`argo-role`	Special role to retrieve, create and delete pods, execute pods, and generate pod logs consisting of workflow CRDs bound to the Argo `ServiceAccount` only.
`RoleBinding`	`argo-binding`	The binding for the `ServiceAccount` and the `argo-role`.
`ConfigMap`	`workflow-controller-configmap`	Configuration for the Argo `workflow-controller`.
`Deployment`	`workflow-controller`	Deployment for the main Argo `workflow-controller`.

How long are cluster-level permissions required?

The time required for a successful installation of HCL™ Accelerate. Also, temporary cluster-level permissions may be required in specific upgrade scenarios. Contact either your Kubernetes or OpenShift administrator beforehand to ensure an efficient installation or upgrade process.

Parent topic: Installing on Kubernetes

Parent topic: Installing as an OpenShift application