Uploaded image for project: 'Service Binding'
  1. Service Binding
  2. APPSVC-1062

Service Binding Operator Installation in a single namespace

    XMLWordPrintable

Details

    • Bug
    • Status: Backlog
    • Normal
    • Resolution: Unresolved
    • None
    • None
    • Service Binding
    • False
    • False
    • Hide
      Currently, when you install the Service Binding Operator in the single namespace installation mode, the absence of an appropriate namespace-scoped role-based access control (RBAC) rule prevents the successful binding of an application to a few known Operator-backed services that the Service Binding Operator can automatically detect and bind to. In addition, the following error message is generated:
      +
      .Example error message
      ----
      `postgresclusters.postgres-operator.crunchydata.com "hippo" is forbidden:
              User "system:serviceaccount:my-petclinic:service-binding-operator" cannot
              get resource "postgresclusters" in API group "postgres-operator.crunchydata.com"
              in the namespace "my-petclinic"`
      ----

      Workaround 1: Install the Service Binding Operator in the `all namespaces` installation mode. As a result, the appropriate cluster-scoped RBAC rule now exists and the binding succeeds.

      Workaround 2: If you cannot install the Service Binding Operator in the `all namespaces` installation mode, install the following role binding into the namespace where the Service Binding Operator is installed:
      +
      .Example: Role binding for Crunchy Postgres Operator
      [source,yaml]
      ----
      kind: RoleBinding
      apiVersion: rbac.authorization.k8s.io/v1
      metadata:
        name: service-binding-crunchy-postgres-viewer
      subjects:
        - kind: ServiceAccount
          name: service-binding-operator
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: service-binding-crunchy-postgres-viewer-role
      ----
      Show
      Currently, when you install the Service Binding Operator in the single namespace installation mode, the absence of an appropriate namespace-scoped role-based access control (RBAC) rule prevents the successful binding of an application to a few known Operator-backed services that the Service Binding Operator can automatically detect and bind to. In addition, the following error message is generated: + .Example error message ---- `postgresclusters.postgres-operator.crunchydata.com "hippo" is forbidden:         User "system:serviceaccount:my-petclinic:service-binding-operator" cannot         get resource "postgresclusters" in API group "postgres-operator.crunchydata.com"         in the namespace "my-petclinic"` ---- Workaround 1: Install the Service Binding Operator in the `all namespaces` installation mode. As a result, the appropriate cluster-scoped RBAC rule now exists and the binding succeeds. Workaround 2: If you cannot install the Service Binding Operator in the `all namespaces` installation mode, install the following role binding into the namespace where the Service Binding Operator is installed: + .Example: Role binding for Crunchy Postgres Operator [source,yaml] ---- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata:   name: service-binding-crunchy-postgres-viewer subjects:   - kind: ServiceAccount     name: service-binding-operator roleRef:   apiGroup: rbac.authorization.k8s.io   kind: ClusterRole   name: service-binding-crunchy-postgres-viewer-role ----

    Description

      1. Create a new project in openshift console.
      2. Install Crunchy PostgreSQL operator and SBO in that namespace.
      3. Followed https://redhat-developer.github.io/service-binding-operator/userguide/getting-started/quick-start.html for creating database instance and sprint rest app
      4. Create a service binding between sprint rest app and postgres.
      5. Application injection and update status section shows as false and no service application bound.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              kmamgain@redhat.com Kartikey Mamgain
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated: