
Re: Managing Routes with a Service Account



To access things across all namespaces, you need a ClusterRoleBinding, not a RoleBinding.  RoleBindings only give you access to the role scoped to the namespace the RoleBinding is in.

On Tue, Jul 17, 2018 at 10:21 AM Eric D Helms <eric d helms gmail com> wrote:
Howdy,

I am trying to manage routes via a serviceaccount with the following but running into an issue with permission denied:

"User \\\"system:serviceaccount:foreman:foreman-operator\\\" cannot get routes in the namespace \\\"foreman\\\"" 

Resource Definitions:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: foreman-operator
rules:
- apiGroups:
  - app.theforeman.org
  resources:
  - "*"
  verbs:
  - "*"
- apiGroups:
  - ""
  resources:
  - pods
  - services
  - endpoints
  - persistentvolumeclaims
  - events
  - configmaps
  - secrets
  - serviceaccounts
  verbs:
  - "*"
- apiGroups:
  - apps
  resources:
  - deployments
  - daemonsets
  - replicasets
  - statefulsets
  verbs:
  - "*"
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - "*"
- apiGroups:
  - route.openshift.io
  resources:
  - routes
  - routes/status
  verbs:
  - create
  - delete
  - deletecollection
  - get
  - list
  - patch
  - update
  - watch
- apiGroups:
  - rbac.authorization.k8s.io
  resources:
  - roles
  verbs:
  - "*"

---

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: foreman-account-app-operator
  namespace: foreman
subjects:
- kind: ServiceAccount
  name: foreman-operator
roleRef:
  kind: ClusterRole
  name: foreman-operator
  apiGroup: rbac.authorization.k8s.io

---

apiVersion: v1
kind: ServiceAccount
metadata:
  name: foreman-operator


--
Eric D. Helms
Red Hat Engineering
Ph.D. Student - North Carolina State University
_______________________________________________
users mailing list
users lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
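
Added example, not part of the original thread: the cluster-wide binding the reply describes, reusing the ClusterRole and ServiceAccount names from the quoted definitions. The binding name is an assumption, and the subject namespace is taken from the error message.

```yaml
# Added example. A ClusterRoleBinding has no namespace of its own, so the
# ServiceAccount subject must state the namespace it lives in.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: foreman-operator-cluster   # hypothetical name, not from the thread
subjects:
- kind: ServiceAccount
  name: foreman-operator
  namespace: foreman               # namespace from the "permission denied" message
roleRef:
  kind: ClusterRole
  name: foreman-operator
  apiGroup: rbac.authorization.k8s.io
# Check the effective permission after applying, impersonating the service account:
#   oc auth can-i get routes -n foreman \
#     --as=system:serviceaccount:foreman:foreman-operator
```

Binding this ClusterRole cluster-wide grants every rule in it in all namespaces, including `"*"` on secrets and on roles. Where the operator only works in a few namespaces, a RoleBinding per namespace that names the subject's namespace explicitly keeps the grant narrower.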
