Mirroring the openshift project, I've been able to create a second project with the same shared-resource-viewer Role added to group system:authenticated.
oc new-project common
oc export role shared-resource-viewer -n openshift | oc create -f -
oc policy add-role-to-group shared-resource-viewer system:authenticated --role-namespace=common
Images and templates in this project can then be shared by other projects.
However getting the UI to display these images and templates is proving to be a challenge:
policyConfig option in master-config.yaml seems promising:
OpenShiftSharedResourcesNamespace (string): The namespace where shared OpenShift resources are located, such as shared templates.
But when I change this from openshift (default) to common, and delete all the default images, imagestreams and templates in the openshift namespace, the UI catalog states that no images or templates were found in the openshift namespace. This leads me to believe the UI is not honoring the above setting, or my understanding of that parameter is incorrect.
Further, if I take away the shared-resource-viewer role from system:authenticated in the openshift namespace, the following errors appear on the UI catalog:
Failed to list templates/v1 (403)
Failed to list imagestreams/v1 (403)
Any pointers would be much appreciated