To access things across all namespaces, you need a ClusterRoleBinding, not a RoleBinding. RoleBindings only give you access to the role scoped to the namespace the RoleBinding is in.
On Tue, Jul 17, 2018 at 10:21 AM Eric D Helms <[email protected]> wrote:

> Howdy,
>
> I am trying to manage routes via a serviceaccount with the following but
> running into an issue with permission denied:
>
> "User \\\"system:serviceaccount:foreman:foreman-operator\\\" cannot get
> routes in the namespace \\\"foreman\\\""
>
> Resource Definitions:
>
> apiVersion: rbac.authorization.k8s.io/v1beta1
> kind: ClusterRole
> metadata:
>   name: foreman-operator
> rules:
> - apiGroups:
>   - app.theforeman.org
>   resources:
>   - "*"
>   verbs:
>   - "*"
> - apiGroups:
>   - ""
>   resources:
>   - pods
>   - services
>   - endpoints
>   - persistentvolumeclaims
>   - events
>   - configmaps
>   - secrets
>   - serviceaccounts
>   verbs:
>   - "*"
> - apiGroups:
>   - apps
>   resources:
>   - deployments
>   - daemonsets
>   - replicasets
>   - statefulsets
>   verbs:
>   - "*"
> - apiGroups:
>   - batch
>   resources:
>   - jobs
>   verbs:
>   - "*"
> - apiGroups:
>   - route.openshift.io
>   resources:
>   - routes
>   - routes/status
>   verbs:
>   - create
>   - delete
>   - deletecollection
>   - get
>   - list
>   - patch
>   - update
>   - watch
> - apiGroups:
>   - rbac.authorization.k8s.io
>   resources:
>   - roles
>   verbs:
>   - "*"
>
> ---
>
> kind: RoleBinding
> apiVersion: rbac.authorization.k8s.io/v1beta1
> metadata:
>   name: foreman-account-app-operator
>   namespace: foreman
> subjects:
> - kind: ServiceAccount
>   name: foreman-operator
> roleRef:
>   kind: ClusterRole
>   name: foreman-operator
>   apiGroup: rbac.authorization.k8s.io
>
> ---
>
> apiVersion: v1
> kind: ServiceAccount
> metadata:
>   name: foreman-operator
>
>
> --
> Eric D. Helms
> Red Hat Engineering
> Ph.D. Student - North Carolina State University
> _______________________________________________
> users mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/users
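The scoping rule from the reply above, as an added example that is not part of the original thread: a simplified Python model (not the real Kubernetes authorizer) showing that a RoleBinding to a ClusterRole grants only inside its own namespace, while a ClusterRoleBinding to the same ClusterRole also grants `*` on secrets in every namespace. The rules are a subset of the thread's ClusterRole; the binding dictionaries, the subject namespace and the `can_i` helper are assumptions for illustration.

```python
# Simplified model of Kubernetes RBAC scoping (added example, not the real
# authorizer). Rules are a subset of the thread's "foreman-operator" ClusterRole.
CLUSTER_ROLES = {
    "foreman-operator": [
        {"apiGroups": [""], "resources": ["pods", "secrets"], "verbs": ["*"]},
        {"apiGroups": ["route.openshift.io"],
         "resources": ["routes", "routes/status"],
         "verbs": ["create", "delete", "deletecollection", "get",
                   "list", "patch", "update", "watch"]},
    ],
}

# Assumption: the binding's subject resolves to the service account in "foreman".
SA = "system:serviceaccount:foreman:foreman-operator"


def rule_allows(rule, verb, group, resource):
    """True when one PolicyRule covers the verb/apiGroup/resource triple."""
    def match(allowed, value):
        return "*" in allowed or value in allowed
    return (match(rule["verbs"], verb) and match(rule["apiGroups"], group)
            and match(rule["resources"], resource))


def can_i(bindings, user, verb, group, resource, namespace):
    """Return True if any binding grants the request in `namespace`."""
    for b in bindings:
        if user not in b["subjects"]:
            continue
        # A RoleBinding applies only inside its own namespace, even when its
        # roleRef points at a ClusterRole. A ClusterRoleBinding has no
        # namespace and applies everywhere.
        if b["kind"] == "RoleBinding" and b["namespace"] != namespace:
            continue
        if any(rule_allows(r, verb, group, resource)
               for r in CLUSTER_ROLES[b["roleRef"]]):
            return True
    return False


# Constructed bindings: the thread's RoleBinding and a hypothetical
# ClusterRoleBinding to the same ClusterRole.
ROLE_BINDING = {"kind": "RoleBinding", "namespace": "foreman",
                "subjects": [SA], "roleRef": "foreman-operator"}
CLUSTER_ROLE_BINDING = {"kind": "ClusterRoleBinding",
                        "subjects": [SA], "roleRef": "foreman-operator"}

if __name__ == "__main__":
    for b in (ROLE_BINDING, CLUSTER_ROLE_BINDING):
        for ns in ("foreman", "kube-system"):
            print(b["kind"], ns, "get secrets:", can_i([b], SA, "get", "", "secrets", ns))
```

On a live cluster the same questions can be asked with `oc auth can-i` or `kubectl auth can-i` using `--as` and `-n`.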
