Hi, I'm trying to use a service account on the oapi to instantiate deployments from outside my cluster, but am hitting 403 errors on everything. The token auth works, as I can see the SA username in the failure message.
Even basic listing deployment configs are denied (/oapi/v1/namespaces/microsvc/deploymentconfigs): User "system:serviceaccount:microsvc:git" cannot list deploymentconfigs in project "microsvc" My service account has the following rolebindings: system:deployers system:deployment-controller system:deploymentconfig-controller My references for: oapi: https://docs.openshift.org/latest/rest_api/oapi/v1.DeploymentConfig.html authorization: https://docs.openshift.com/container-platform/3.3/admin_solutions/user_role_mgmt.html What am I missing? Frank Co-Lead, Server & Networks Team VSee: [email protected] <http://vsee.com/u/tmd4RB> | Cell: +65 9338 0035 Join me on VSee for Free <http://vsee.com/s/e6ec489a>
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
