-
Task
-
Resolution: Done
-
Undefined
-
ACM 2.12.0
-
False
-
None
-
False
-
-
-
None
Note: Doc team updates the current version of the documentation and the
two previous versions (n-2), but we address *only high-priority, or
customer-reported issues* for -2 releases in support.
Describe the changes in the doc and link to your dev story:
1. - [x] Mandatory: Add the required version to the Fix version/s field.
2. - [ ] Mandatory: Choose the type of documentation change or review.
- [x] We need to update to an existing topic
- [ ] We need to add a new document to an existing section
- [ ] We need a whole new section; this is a function not
documented before and doesn't belong in any current section
- [ ] We need an Operator Advisory review and approval
- [ ] We need a z-Stream (Errata) Advisory and Release note
for MCE and/or ACM
3. - [x] *Mandatory: *Use the following link to open the doc and find where the
documentation update should go. Note: As the feature and doc is
understood and developed, this placement decision may change:
4. - [x] Mandatory for GA content:
- [x] Add steps, the diff, known issue, and/or other important
conceptual information in the following space:
- [ ] *Add Required access level *(example, *Cluster
Administrator*) for the user to complete the task:
- [ ] Add verification at the end of the task, how does the user
verify success (a command to run or a result to see?)
- [x] Add link to dev story here:
ACM-12790
5. - [x] Mandatory for bugs: What is the diff? Clearly define what the
problem is, what the change is, and link to the current documentation. Only
use this for a documentation bug.
On the "Access control" row in the "Hub cluster" column, please adjust the wording to something similar to this:
By default, you can only reference namespaced Kubernetes resources that are in the same namespace as the `Policy` object, and the `ManagedCluster` object of the cluster the policy is propagated to. Alternatively, you can specify the `spec.hubTemplateOptions.serviceAccountName` field in the `Policy` object to a service account in the same namespace as the the `Policy` resource. When specified, this service account is used for all Hub template lookups. Note that this service account needs to have `list` and `watch` permissions on any resource that is looked up in a hub template.
- documents
-
ACM-12790 Allow custom service account for hub templates
- Closed