[DevWorkspace] Make it possible to bind namespace role to a namespace service-account
See original GitHub issueIs your task related to a problem? Please describe
When provisioning a namespace, Che sets serviceAccountName
as che-workspace
, but in the DevWorkspace installation we have another Service Account like workspace<workspace id>-sa
which is actually used for a workspace. So when creating a role binding it is binded to the che-workspace
service account, but when I make a kubernetes request from a workspace container it is using a token of the workspace<workspace id>-sa
service account.
Describe the solution you’d like
Need to have a way to bind namespace roles to a namespace service-account.
Describe alternatives you’ve considered
No response
Additional context
No response
Issue Analytics
- State:
- Created 2 years ago
- Comments:11 (10 by maintainers)
Top Results From Across the Web
How to Use ClusterRoleBinding With A ServiceAccount in All ...
ClusterRoleBinding is a powerful feature of Kubernetes RBAC that allows you to grant permissions cluster-wide in all namespaces.
Read more >Using RBAC Authorization | Kubernetes
A RoleBinding grants permissions within a specific namespace whereas a ClusterRoleBinding grants that access cluster-wide. A RoleBinding may ...
Read more >How to Create kubernetes Role for Service Account
Create a service account bound to the namespace webapps namespace · Create a role with the list of required API access to Kubernetes...
Read more >How to Create Namespace, Role Binding and Service ...
In this article, We are going to perform How to Create New Namespace, Role Binding and Service Account in Kubernetes Cluster using YAML....
Read more >Add dynamic service accounts in namespace matchLabel #137
When a namespace is created with a given label, I'd like to provision a service account in that namespace, and create rolebindings for...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
There is no technical reason for storing preferences in secret but not in config-map, so I am +1 to have a config-map
workspace-preferences-configmap
.Closing as https://github.com/devfile/devworkspace-operator/pull/675 is merged