Uploaded image for project: 'Kogito'
  1. Kogito
  2. KOGITO-171

Kogito Operator requires custom roles to access kube API

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Minor Minor
    • 0.3.0
    • 0.2.0
    • Operator
    • None
    • Low
    • Hide

      Create the mentioned role and add it to the Operator SA:

      oc adm policy add-role-to-user service-reader -z kogito-service  --role-namespace=<namespace> -n <namespace>
      Show
      Create the mentioned role and add it to the Operator SA: oc adm policy add-role-to-user service-reader -z kogito-service --role-namespace=<namespace> -n <namespace>
    • 2019 Week 32-34

      During deployment, Kogito Operator is creating a RoleBinding that does not add the GET verb to the Services resources. For this to work a new role must be created adn associated to it:

      apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  creationTimestamp: "2019-08-21T23:19:21Z"
  name: service-reader
  namespace: kogito-cli
  resourceVersion: "4036151"
  selfLink: /apis/rbac.authorization.k8s.io/v1/namespaces/kogito-cli/roles/service-reader
  uid: 1b5b58a0-c46a-11e9-8f2c-0615e4bfa428
rules:
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - list
  - get
  - watch

              rhn-support-zanini Ricardo Zanini
              rhn-support-zanini Ricardo Zanini
              Karel Suta Karel Suta
              Karel Suta Karel Suta
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: