Uploaded image for project: 'OpenShift Pipelines'
  1. OpenShift Pipelines
  2. SRVKP-2270

RBAC (pipeline sa) should be created in openshift-pipelines namespace

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Done
    • Icon: Major Major
    • Pipelines 1.7.1
    • None
    • Operator
    • None
    • Pipelines Sprint 219

      At present, operator skips all system namespaces while creating RBAC resources. We define system namespace as any namespace or project with a `kube-` or `openshift-` prefix. 

      As a result, RBAC resources are not created in our defult targetNamespace `openshift-pipelines`. This could catch both our users and developers off-gurard.

       

      example (slack message)

       

       148m       Warning  FailedCreate      job/pipelines-as-code-pr-cleanup-27547980  Error creating: pods “pipelines-as-code-pr-cleanup-27547980--1-” is forbidden: error looking up service account openshift-pipelines/pipeline: serviceaccount “pipeline” not found

       

       

      One solution for this could be to make sure operaotor creates RBAC resoureces in targetNamespace(s) even if it has a kube- or openshift- prefix.

       

      Acceptance Criteria

      • Operator can create RBAC resources in targetNamespace even if the namespace has a `kube- or openshift-` prefix

              smukhade Shivam Mukhade (Inactive)
              rh-ee-nikthoma Nikhil Thomas
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: