Uploaded image for project: 'OpenShift Workloads'
  1. OpenShift Workloads
  2. WRKLDS-916

No token generation for "Deployer" serviceaccount when capability is disabled.

XMLWordPrintable

    • No token generation for "Deployer" serviceaccount when capability is disabled.
    • Product / Portfolio Work
    • OCPSTRAT-891No token generation for "Deployer" serviceaccount when capability is disabled.
    • 0% To Do, 0% In Progress, 100% Done
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • None
    • None

      Epic Goal*

      No token generation for "Deployer" serviceaccount when capability is disabled.
       
      Why is this important? (mandatory)

      Customer needs to be able to turn off the 'deployer' service account created by openshift by default and not create related SA tokens. This service account cannot be deleted and there is no way to automate project creation to disable their role bindings because a controller manages them.

      This undermines multi-tenant values of openshift as this is giving a project (and the users in that project who have secret access), permissions that we do not want them to have.
       
      Scenarios (mandatory) 

      Provide details for user scenarios including actions to be performed, platform specifications, and user personas.  

      1.  No token generation for "Deployer" serviceaccount when capability is disabled.

              aguclu@redhat.com Arda Guclu
              jchaloup@redhat.com Jan Chaloupka
              None
              None
              Rama Kasturi Narra Rama Kasturi Narra
              None
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: