First, when checking permissions, resources are always plural: `oc policy who-can list configmaps -n logging`
The view role will grant this access (along with access to many other non-escalating resources in the project). You can grant it like this: oc policy add-role-to-user view -z logging-deployer -n logging On Tue, Jul 12, 2016 at 4:50 AM, Michael Leimenmeier <[email protected]> wrote: > Hi, > > I've tried to set up logging with the EFK stack according to the > documentation for OpenShift 3.2, but when I try to deploy the > logging-deployer pod it fails into Error status with the following error > message in the container log: > > [...] > + echo 'Attaching secrets to service accounts' > + oc secrets add serviceaccount/aggregated-logging-kibana logging-kibana > logging-kibana-proxy > + oc secrets add serviceaccount/aggregated-logging-elasticsearch > logging-elasticsearch > + oc secrets add serviceaccount/aggregated-logging-fluentd logging-fluentd > + oc secrets add serviceaccount/aggregated-logging-curator logging-curator > Deleting configmaps > + '[' -n '' ']' > + generate_configmaps > + echo 'Deleting configmaps' > + oc delete configmap -l logging-infra=support > Error from server: User "system:serviceaccount:logging:logging-deployer" > cannot list configmaps in project "logging" > > [ full output at http://pastebin.com/sUZrNX1b ] > > When I take a look who is allowed to list configmaps the logging-deployer > serviceaccount is not listed: > 10:18:16 root@osmaster:~> oc policy who-can list configmap -n logging > Namespace: logging > Verb: list > Resource: configmaps > > Users: system:serviceaccount:openshift-infra:namespace-controller > > Groups: system:cluster-admins > system:masters > > But to be honest I don't have a clue how to add a verb/resource pair to a > serviceaccount. > I've tried to add the view/edit/admin roles to the serviceaccount but no > luck. > > Any help would be greatly appreciated! > > Thanks and kind regards, > Lemmy. > > > _______________________________________________ > users mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/users > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
