[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Service Account for Deployment Trigger



Hi, 

I'm trying to use a service account on the oapi to instantiate deployments from outside my cluster, but am hitting 403 errors on everything. The token auth works, as I can see the SA username in the failure message. 

Even basic listing deployment configs are denied (/oapi/v1/namespaces/microsvc/deploymentconfigs):

User "system:serviceaccount:microsvc:git" cannot list deploymentconfigs in project "microsvc"

My service account has the following rolebindings: 

system:deployers
system:deployment-controller
system:deploymentconfig-controller

My references for: 
oapi: https://docs.openshift.org/latest/rest_api/oapi/v1.DeploymentConfig.html
authorization: https://docs.openshift.com/container-platform/3.3/admin_solutions/user_role_mgmt.html

What am I missing? 

Frank 
Co-Lead, Server & Networks Team

VSee: frank vsee com | Cell: +65 9338 0035


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]