I am trying to create a clusterrole using following definition
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: kubeflow-istio-admin
labels:
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true"
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true"
rules: []
kind: ClusterRole
metadata:
name: kubeflow-istio-admin
labels:
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true"
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true"
rules: []
This failed on OC 3.11 cluster with
----
Error from server (Forbidden): error when creating "role.yaml": clusterroles.rbac.authorization.k8s.io "kubeflow-istio-admin" is forbidden: must have cluster-admin privileges to use the aggregationRule
----
But the same succeeded on OC 4.1.
Tried to search for explanation of different behavior but in vain. Anyone here knows what could be the reason?
Thanks.
Weiqiang Zhuang
___________________________________
IBM CODAIT
IBM Silicon Valley Lab
Tel: 408-463-5992
___________________________________
IBM CODAIT
IBM Silicon Valley Lab
Tel: 408-463-5992
T/L: 25435992
Email: wzhu...@us.ibm.com
Email: wzhu...@us.ibm.com
_______________________________________________ users mailing list users@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/users
