Reputation: 1115
Openshift RBAC policy to allow projects in preview environment to access images from different project
I am using OKD with Jenkinsx setup and jenkinsx creates a project dynamically based on a Pull Request created by a developer and deploys the services in that project.
But the services in those projects fails with "ImagePullBackOff" error since the pods in those projects are unable to access images from a different project.
I am trying to allow the projects under preview environment to access images from a different project.
Since the projects under preview environment are dynamically generated, I can add the image puller policy after the project has been created.
oc policy add-role-to-user system:image-puller system:serviceaccount:<project-b>:default --namespace=<project-a>
But I need a policy/command to allow pods in projects under preview environment to access images from a different project before the projects got created.
Please let me know the polcy/process to do it. Any suggestions here would be appreciated.
Upvotes: 4
Views: 149
Answers (1)
Reputation: 79
I think you need to give a RoleBinding to the group and project you want to deploy. There is sample how to give RoleBinding to specific group on specific Project: project-rolebinding-give-authority-to-project-specific-
Upvotes: 0
Related Questions
- How to allow image pull from one project to another in openshift?
- Openshift custom resources restrictions
- Openshift: Jenkins in a separate project
- How to use external Jenkins to deploy applications in Openshift
- Openshift: User "system:serviceaccount:<project>:jenkins" can't create PV : RBAC: clusterrole.rbac.authorization.k8s.io "create" not found
- Openshift - Error adding jenkins app to a project
- Deploying specific tagged image in openshift
- One service account to pull images to multiple projects
- Openshift privileged container access services from openshift namespace
- pushing a image to Openshift with a Jenkins file