Re: Issues with Namespace and Cluster Scoped Permissions


Daniel Messer

Aug 10, 2020, 9:24:02 AM
to Ric Featherstone, operator-framework-sdk-dev, Operator Framework
+SDK

On Mon, Aug 10, 2020 at 10:27 AM Ric Featherstone <ric...@japeoh.com> wrote:
I understand the why; the issue is how to stop it.

In the config directory, I have added a serviceaccount folder, added a kustomization.yaml with resources list for the two service accounts, added this folder to bases in default/kustomization.yaml.

The service account manifests are picked up correctly but because default/kustomization.yaml adds the namespace to resources it's added to the service account manifests.

This final piece, where kustomize adds the namespace to the manifests, is what I need help to prevent.

Thanks

On Friday, 7 August 2020 at 12:02:49 UTC+1 dme...@redhat.com wrote:
This is due to the fact that OLM will create the Service Account in the namespaces for you, depending on where your Operator watches.

On Mon, Aug 3, 2020 at 5:52 PM Ric Featherstone <ric...@japeoh.com> wrote:
I am currently migrating what I've been working on to v1.0.0-alpha.2 and could use some advice.

I've added the clusterrole and binding to rbac and am trying to add the service account.

I've created a serviceaccount folder, added the manifest and a kustomization.yaml and added the folder to bases in default/kustomization.yaml.

When I run `make bundle` the expected manifests are created in bundle/manifests but I get an error about meta.namespace being forbidden on service accounts when the bundle is validated.

I'm not familiar with Kustomize. Is there a way to exclude the service account from having the default namespace added?

--
You received this message because you are subscribed to the Google Groups "Operator Framework" group.
To unsubscribe from this group and stop receiving emails from it, send an email to operator-framew...@googlegroups.com.


--
Daniel Messer

Product Manager Operator Framework & Quay

Red Hat OpenShift

--
To view this discussion on the web visit https://groups.google.com/d/msgid/operator-framework/844144c9-18a4-4d37-ae82-51ffb3f93460n%40googlegroups.com.

