astefanutti commented on pull request #2696:
URL: https://github.com/apache/camel-k/pull/2696#issuecomment-948749228
> As @nicolaferraro said I'm not sure how public the "kube-public" namespace
really is:
>
> ```
> $kubectl auth can-i get cm -n kube-public --as
system:serviceaccount:camel-k:camel-k-operator
> no
> ```
That means the operator service account do not have the required permission,
but I would not deduce `kube-public` is not "public" from it. That only means
read permission is granted for all users, but not service account. This is for
us to add the permission to the operator service account.
One solution is to create a dedicated ClusterRole with:
```yaml
rules:
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["local-registry-hosting"]
verbs: ["get"]
```
And a RoleBinding projecting that ClusterRole on the `kube-public` namespace
for the operator service account.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
