Re: Cluster wide service account

Amaya

I'm preparing for my ex336 but I can't manage to create a cluster wide service account that will allow me to run playbooks that create objects in the OCP cluster.

Tried with both https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.4/html/automation_con...
and "oc adm policy add-cluster-role-to-user cluster-admin -z sa-name" then I create the token but still no permissions to access other projects.

Does anyone know how to solve this?

Many thanks in advance

flozano

Your command looks right. Are you sure your current project is the one which contains the "sa-name" service account? Remember that service accounts are namespaced resources, but Kuberentes resources perform no referential integrity checks, unlike relational databases, so you could add a role to a user, group, or SA which doesn't exist, and it would create the rolebinding (or clusterrolebinding) anyway.

Cluster wide service account

ex336

ocp-v

Service Account