By default create users namespaces using Che ServiceAccount #19717
Assignees
Labels
area/che-server
kind/task
Internal things, technical debt, and to-do tasks to be performed.
new¬eworthy
For new and/or noteworthy issues that deserve a blog post, new docs, or emphasis in release notes
status/release-notes-review-done
Issues that have been reviewed by the doc team for the Release Notes wording
Milestone
Comments
skabashnyuk
added
kind/task
che-bot
added
the
status/need-triage
skabashnyuk
removed
the
status/need-triage
This was referenced May 26, 2021
Closed
6 tasks
l0rd
added
new¬eworthy
l0rd
changed the title
l0rd
changed the title
themr0c
added
status/release-notes-review-done
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your task related to a problem? Please describe.
At this moment when OpenShift OAuth is enabled che-server creating a namespace on behalf of the user's SA.
That brings a lot of manual work for the cluster admins in case if namespaces provisioning is not allowed for the users.
Desired user's permissions in a newly created namespace - TBD
Describe the solution you'd like
Consider creating user namespaces with che-server's SA even when OpenShift OAuth is enabled
Describe alternatives you've considered
n/a
Additional context
Release Notes Text
By default Che now creates users namespaces using Che ServiceAccount, even if OpenShift OAuth is enabled. This will avoid failures when users don't have enough privileges to create namespaces. An administrator can still change the default and configure Che to create namespaces using users tokens.
The text was updated successfully, but these errors were encountered: