Uploaded image for project: 'OpenShift Workloads'
  1. OpenShift Workloads
  2. WRKLDS-916

No token generation for "Deployer" serviceaccount when capability is disabled.

XMLWordPrintable

    • No token generation for "Deployer" serviceaccount when capability is disabled.
    • False
    • None
    • False
    • Not Selected
    • To Do
    • OCPSTRAT-891 - No token generation for "Deployer" serviceaccount when capability is disabled.
    • OCPSTRAT-891No token generation for "Deployer" serviceaccount when capability is disabled.
    • 100
    • 100% 100%
    • Workloads Sprint 245

      Epic Goal*

      No token generation for "Deployer" serviceaccount when capability is disabled.
       
      Why is this important? (mandatory)

      Customer needs to be able to turn off the 'deployer' service account created by openshift by default and not create related SA tokens. This service account cannot be deleted and there is no way to automate project creation to disable their role bindings because a controller manages them.

      This undermines multi-tenant values of openshift as this is giving a project (and the users in that project who have secret access), permissions that we do not want them to have.
       
      Scenarios (mandatory) 

      Provide details for user scenarios including actions to be performed, platform specifications, and user personas.  

      1.  No token generation for "Deployer" serviceaccount when capability is disabled.

            aguclu@redhat.com Arda Guclu
            jchaloup@redhat.com Jan Chaloupka
            Rama Kasturi Narra Rama Kasturi Narra
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: