a couple of points here:
- oc policy add-role-to-user admin system:serviceaccounts:project1:inciga -n project1 would have worked for the project.
did not work :( trust me .. checked a lot of times
same command with view role did the trick
If you have used oadm policy add-cluster-role-to-user you should use a cluster role, which view or cluster-admin are and admin is not.
also tried, no luck :(
- we validated with oc get rc -n project1 --as=system:serviceaccounts:project1:inciga that the rights were sufficient for queries specific to the project.
i know .. and i am still trying to understand why the view role did the trick for me using curl or python request and was not needed using oc get ..
- when you say the token provided by oc login you probably mean the token of a user account, which is shorter than the token of a service account. On the other hand it will expire, which is not the case for a token of a service account.
right! that is why i decided to move to service account
Happy that it works for you now.
me too :)
thanks all for the support.