Service Binding / APPSVC-1062

Disable Service Binding Operator Installation in a single namespace

      Currently, when you install the Service Binding Operator in the single namespace installation mode, the absence of an appropriate namespace-scoped role-based access control (RBAC) rule prevents the successful binding of an application to a few known Operator-backed services that the Service Binding Operator can automatically detect and bind to. In addition, the following error message is generated:
      +
      .Example error message
      ----
      `postgresclusters.postgres-operator.crunchydata.com "hippo" is forbidden:
              User "system:serviceaccount:my-petclinic:service-binding-operator" cannot
              get resource "postgresclusters" in API group "postgres-operator.crunchydata.com"
              in the namespace "my-petclinic"`
      ----

      Workaround 1: Install the Service Binding Operator in the `all namespaces` installation mode. As a result, the appropriate cluster-scoped RBAC rule now exists and the binding succeeds.

      Workaround 2: If you cannot install the Service Binding Operator in the `all namespaces` installation mode, install the following role binding into the namespace where the Service Binding Operator is installed:
      +
      .Example: Role binding for Crunchy Postgres Operator
      [source,yaml]
      ----
      kind: RoleBinding
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: service-binding-crunchy-postgres-viewer
      subjects:
        - kind: ServiceAccount
          name: service-binding-operator
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: service-binding-crunchy-postgres-viewer-role
      ----

      1. Create a new project in OpenShift console.
      2. Install Crunchy PostgreSQL operator and SBO in that namespace.
      3. Followed https://redhat-developer.github.io/service-binding-operator/userguide/getting-started/quick-start.html for creating database instance and Spring REST app
      4. Create a service binding between Spring REST app and postgres.
      5. Application injection and update status section shows as false and no service application bound.
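
To confirm that the role binding from Workaround 2 closes the gap, the forbidden message quoted above can be turned into the matching `oc auth can-i` impersonation check. The script below is an added example and not part of the original issue or the Service Binding Operator project; the function names `field` and `forbidden_to_check` are hypothetical, and it assumes the standard Kubernetes "is forbidden" message wording shown in the issue.

```shell
#!/bin/sh
# Added example: derive the `oc auth can-i` check that reproduces the access
# denied in a Kubernetes "is forbidden" message. It only builds the command;
# run the printed command against the cluster yourself.

# Print one capture group from the whitespace-normalized message on stdin.
field() {
    sed -nE "s/.*$1.*/\1/p"
}

# forbidden_to_check MESSAGE: print the check command, return 1 if unparsable.
forbidden_to_check() {
    # The message is often wrapped across lines; join and squeeze spaces.
    msg=$(printf '%s' "$1" | tr '\n' ' ' | tr -s ' ')
    user=$(printf '%s\n' "$msg" | field 'User "([^"]+)"')
    verb=$(printf '%s\n' "$msg" | field 'cannot ([a-z]+) resource')
    res=$(printf '%s\n' "$msg" | field 'resource "([^"]+)"')
    group=$(printf '%s\n' "$msg" | field 'API group "([^"]*)"')
    ns=$(printf '%s\n' "$msg" | field 'in the namespace "([^"]+)"')

    if [ -z "$user" ] || [ -z "$verb" ] || [ -z "$res" ]; then
        echo "not a recognizable forbidden message" >&2
        return 1
    fi
    # The core API group is reported as ""; only named groups are appended.
    if [ -n "$group" ]; then
        res="$res.$group"
    fi
    cmd="oc auth can-i $verb $res --as=$user"
    # Cluster-scoped denials carry no namespace, so -n is optional.
    if [ -n "$ns" ]; then
        cmd="$cmd -n $ns"
    fi
    printf '%s\n' "$cmd"
}

# Error message as quoted in the issue, including its line wrapping.
SAMPLE='postgresclusters.postgres-operator.crunchydata.com "hippo" is forbidden:
        User "system:serviceaccount:my-petclinic:service-binding-operator" cannot
        get resource "postgresclusters" in API group "postgres-operator.crunchydata.com"
        in the namespace "my-petclinic"'

forbidden_to_check "$SAMPLE"
```

The printed command answers `no` while the RBAC rule is missing and `yes` once the role binding is in place; running it requires permission to impersonate the service account.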

            kmamgain@redhat.com Kartikey Mamgain