New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ark sa always needs namespace create perms #673
Comments
Or make the auto creation configurable. Though I wonder how it can even create the namespace. As an deployment should run in a namespace to even be able to access the sa to connect to the api. I can be mistaken.... |
I think requiring the namespace be created beforehand is fine. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What steps did you take and what happened:
We want to run ark without any restore permissions at this moment in time.
We are running openshift 3.9 (in this case on minishift)
I created a copy of cluster-reader clusterrole and added:
when starting ark:
An error occurred: error creating namespace config-hist: namespaces is forbidden: User "system:serviceaccount:config-hist:ark" cannot create namespaces at the cluster scope: User "system:serviceaccount:config-hist:ark" cannot create namespaces at the cluster scope
What did you expect to happen:
running ark, able to make backups
Anything else you would like to add:
Environment:
oc v3.9.0+191fece
kubernetes v1.9.1+a0ce1bc657
features: Basic-Auth
Server https://192.168.99.110:8443
openshift v3.9.0+71543b2-33
kubernetes v1.9.1+a0ce1bc657
/etc/os-release
): minishift start --iso-url centosThe text was updated successfully, but these errors were encountered: