Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Story Points:
3
Blocked:
False
Blocked Reason:
None
Ready:
False
Intelligence Requested:
Market:

Sprint:
OTA 256, OTA 257

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

Following up https://github.com/openshift/cincinnati-operator/pull/190#discussion_r1663190423
"All namespaces on the cluster" installs are no longer supported,
OSUS should work with namespaced permissions and thus the cluster level role/robindings should not be needed.

However, the attempt of migrating to role/rolebinding from clusterrole/clusterrolebinding failed
as the e2e job errored out

updateservices.updateservice.operator.openshift.io is forbidden: User "system:serviceaccount:openshift-updateservice:updateservice-operator" cannot list resource "updateservices" in API group "updateservice.operator.openshift.io" at the cluster scope

We should remove the API calls from OSUS that caused the error.

AC:
OSUS runs without any cluster-level permissions.

is caused by

OCPBUGS-37091 There should be an error when osus instance not in same namespace with osus operator

Closed

is documented by

OTA-1317 Clearly document that OSUS operator and operands must run in a single namespace

To Do

links to

openshift/cincinnati-operator#191: OTA-1305: Move away from clusterrole and clusterrolebinding

openshift/cincinnati-operator#207: [WIP]Test for OTA-1305

QE tracker

Closed

Jian Li

Assignee:: Hongkai Liu

Reporter:: Hongkai Liu

QA Contact:: Jian Li

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2024/07/03 1:51 AM

Updated:: 2024/07/31 1:57 AM

Resolved:: 2024/07/31 1:57 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Sub-Tasks

Activity

People

Dates