Details
-
Story
-
Resolution: Done
-
Major
-
None
-
None
Description
At present, operator skips all system namespaces while creating RBAC resources. We define system namespace as any namespace or project with a `kube-` or `openshift-` prefix.
As a result, RBAC resources are not created in our defult targetNamespace `openshift-pipelines`. This could catch both our users and developers off-gurard.
example (slack message)
148m Warning FailedCreate job/pipelines-as-code-pr-cleanup-27547980 Error creating: pods “pipelines-as-code-pr-cleanup-27547980--1-” is forbidden: error looking up service account openshift-pipelines/pipeline: serviceaccount “pipeline” not found
One solution for this could be to make sure operaotor creates RBAC resoureces in targetNamespace(s) even if it has a kube- or openshift- prefix.
Acceptance Criteria
- Operator can create RBAC resources in targetNamespace even if the namespace has a `kube- or openshift-` prefix