Skip to content

Commit 9b4f549

Browse files
michalrabinowitchmichalrabinowitch
authored
RED_24847 - create Service Broker rolebinding using oc adm to support… (#22)
* RED_24847 - create Service Broker rolebinding using oc adm to support multiple namespace per clusterrolebinding
1 parent 34cb4c8 commit 9b4f549

File tree

2 files changed

+12
-16
lines changed

2 files changed

+12
-16
lines changed

README.md

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -48,13 +48,23 @@ git clone https://github.com/RedisLabs/redis-enterprise-k8s-docs.git
4848
```
4949
oc adm policy add-scc-to-group redis-enterprise-scc system:serviceaccounts:my-project
5050
```
51-
If you're deploying a service broker also apply the sb_rbac.yaml file. First, edit sb_rbac.yaml namespace field to reflect the namespace you've created or switched to in the previous steps.
51+
If you're deploying a service broker also apply the sb_rbac.yaml file.
5252
```
5353
kubectl apply -f sb_rbac.yaml
5454
```
5555
> You should receive the following response:
5656
```
57-
clusterrolebinding.rbac.authorization.k8s.io/redis-enterprise-operator configured
57+
clusterrole "redis-enterprise-operator-sb" configured
58+
```
59+
60+
Bind the Cluster Service Broker role to the operator service account (in the current namespace):
61+
```
62+
oc adm policy add-cluster-role-to-user redis-enterprise-operator-sb --serviceaccount redis-enterprise-operator --rolebinding-name=redis-enterprise-operator-sb
63+
```
64+
65+
> You should receive the following response:
66+
```
67+
cluster role "redis-enterprise-operator-sb" added: "redis-enterprise-operator"
5868
```
5969
6070
3) The next step applies rbac.yaml, creating a service account, role, and role-binding to allow resources access control (provides permissions to create and manage resources):

sb_rbac.yaml

Lines changed: 0 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -6,17 +6,3 @@ rules:
66
- apiGroups: ["servicecatalog.k8s.io"]
77
resources: ["clusterservicebrokers"]
88
verbs: ["*"]
9-
10-
---
11-
kind: ClusterRoleBinding
12-
apiVersion: rbac.authorization.k8s.io/v1beta1
13-
metadata:
14-
name: redis-enterprise-operator
15-
subjects:
16-
- kind: ServiceAccount
17-
name: redis-enterprise-operator
18-
namespace: NAMESPACE
19-
roleRef:
20-
kind: ClusterRole
21-
name: redis-enterprise-operator-sb
22-
apiGroup: rbac.authorization.k8s.io

0 commit comments

Comments
 (0)