openshift: allow serviceaccount to create project

Question

i created a service account for gitlab oc create serviceaccount gitlab-sa

i assigned to this service account an edit role for the project and for the cluster

oc policy add-role-to-user edit -z gitlab-sa and oc policy add-cluster-role-to-user -z gitlab-sa

i can successfully login using oc login openshift-server --token=gitlab-sa-token but when i create a new project oc new-project foo

i get: Error from server (Forbidden): You may not request a new project via this API

How can i allow this serviceaccount to create a new project ?

score 3 · Accepted Answer · answered Aug 02 '18 at 19:13

3

Try oc policy add-cluster-role-to-user self-provisioner -z gitlab-sa. Service accounts aren't able to create projects by default.

answered Aug 02 '18 at 19:13

Will Gordon

score 3 · Answer 2 · edited Aug 13 '19 at 22:51

3

The command

oc adm policy add-cluster-role-to-user self-provisioner -z [service-account-username] -n [namespace]

works for me.

edited Aug 13 '19 at 22:51

zx485

answered Aug 13 '19 at 16:31

Michel

2 Answers2