Provide access privilege required for `cncf.kubernetes` operators/executors

[pykenny]

What do you see as an issue?

In cncf-kubernetes provider's operator section, it describes how each operator work, but does not mention what type of access privileges are required to run these operators.

Same kind of details may be needed for the two types of Kubernetes executors as well.

Solving the problem

Provide privileges on Kubernetes resource required for each operator.

For instance, in 3rd-party airflow_kubernetes_job_operator package, it lists out all the privileges needed to gain full functionality of their operator in readme, written in RBAC format:

• https://github.com/LamaAni/KubernetesJobOperator?tab=readme-ov-file#kubernetes-rbac-rules

Anything else

No response

Are you willing to submit PR?

• Yes I am willing to submit a PR!

Code of Conduct

• I agree to follow this project's Code of Conduct

[potiuk]

Sure. Marked it as good-first-issue and you are free to contribute it, otherwise it will have to wait for someone to volunteer, pick it up and contribute.

[topherinternational]

@pykenny A good start might be the k8s permissions in the Helm chart, e.g. https://github.com/apache/airflow/blob/providers-cncf-kubernetes/8.3.4/chart/templates/rbac/pod-launcher-role.yaml (and others in that directory).

It's not exactly the k8s operators, but it should be a similar perms profile as what is needed to launch a task pod from the k8s executor.

[alectric-tr]

@potiuk I'd be happy to take on this issue if no one else is already.

[yranjan06]

Hi @potiuk @xelathan ,
I’m a beginner in data engineering and Kubernetes and would love to take this up as my first contribution.
@xelathan – just checking if you’ve already started on it. If not, can I work on it?

[yranjan06]

Hi, I’ve submitted a PR to resolve this issue: #53540

The PR adds a new RBAC documentation page under providers.cncf.kubernetes with working examples and Helm context.

Happy to improve it further based on feedback!