Creating Role Based Access Control for Service Account

If you are deploying the application on a namespace other than the default namespace, and if you have not created Role Based Access Control (RBAC), create RBAC with the cluster admin role to assign the required permissions to the service account used for application deployment.

The following sample file illustrates RBAC with the service account as <service-account> with the target namespace as <namespace>. Create a yaml file with the name b2bi-rbac.yaml, with the below sample file contents and replace the <namespace> and <service-account> with the respective values.

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ibm-b2bi-role-<namespace>
  namespace: <namespace>
rules:
  - apiGroups: ['route.openshift.io']
    resources: ['routes','routes/custom-host']
    verbs: ['get', 'watch', 'list', 'patch', 'update']
  - apiGroups: ['','batch']
    resources: ['secrets','configmaps','persistentvolumes','persistentvolumeclaims','pods','services','cronjobs','jobs']
    verbs: ['create', 'get', 'list', 'delete', 'patch', 'update']
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: ibm-b2bi-rolebinding-<namespace>
  namespace: <namespace>
subjects:
  - kind: ServiceAccount
    name: <service-account>
    namespace: <namespace>
roleRef:
  kind: Role
  name: ibm-b2bi-role-<namespace>
  apiGroup: rbac.authorization.k8s.io

Create the RBAC with the following command:

OpenShift Client:
oc apply -f b2bi-rbac.yaml
Kubernetes Client:
kubectl apply -f b2bi-rbac.yaml