Feature: RBAC Support for Rollout Restart Permissions per Environment #6749
Description
🔖 Feature description
Devtron should support fine-grained RBAC permissions that allow users or groups (e.g., developers) to perform only rollout restart operations on Kubernetes Deployments, scoped to specific environments (e.g., staging or dev), without granting full deployment or edit access.
This would involve:
- A new RBAC action like rollout-restart under the deployment module.
- The ability to assign this action on a per-environment basis.
- Optional audit logging or confirmation to track such restarts.
🎤 Pitch / Usecases
Problem:
Currently, developers need elevated permissions (like deployment or edit access) to perform a kubectl rollout restart, which poses a risk of unintended changes or full deployment access.
Use Case:
- A team wants to allow developers to restart pods nightly or on-demand (e.g., after config map changes or memory leaks) without giving them full deploy access.
- The DevOps/SRE team should retain control over CI/CD and deployments, while developers get operational flexibility in non-production environments.
Example:
A backend developer working on the staging environment should be able to:
kubectl rollout restart deployment backend-api -n staging
But not modify the image, replicas, or deploy new changes.
🔄️ Alternative
No response
👀 Have you spent some time to check if this issue has been raised before?
- I checked and didn't find similar issue
🏢 Have you read the Code of Conduct?
- I have read the Code of Conduct