kube-notary
OpenShift environment - Kube-Notary pod runs into permission error
I deployed Kube-Notary into our OpenShift environment using the deployment scripts in this repo (kubernetes/kube-notary/templates):
Step by step I ran:
oc login -u system:admin
kubectl apply -f serviceaccount.yaml
oc adm policy add-scc-to-user privileged -z kube-notary
kubectl apply -f role.yaml
kubectl apply -f rolebinding.yaml
kubectl apply -f service.yaml
kubectl apply -f configmap.yaml
kubectl apply -f deployment.yaml
When checking the logs of the kube-notary pod:
kubectl get pods | grep kube-notary
kubectl logs kube-notary-...
I see the following errors:
Error getting pods: pods is forbidden: User \"system:serviceaccount:test:kube-notary\" cannot list pods at the cluster scope: no RBAC policy matched"
No data is being collected.
I actually solved it myself ... OpenShift is automatically pointing to the project namespace when running kubectl. The file rolebinding.yaml points to namespace default. In my case the project was not in the namespace default but test.
Changing the namespace to test did the trick.
It just needs to be well documented. I'll close the issue when done.
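The mismatch described in this thread can be checked mechanically. The following is an added example, not part of the original posts or of the kube-notary repo: it reads the service account out of the "forbidden" message and compares it with the subjects of the cluster's bindings. The binding JSON is a constructed sample, and the function names are hypothetical.

```python
import json
import re

# Log line as quoted in the issue above.
LOG_LINE = r'Error getting pods: pods is forbidden: User \"system:serviceaccount:test:kube-notary\" cannot list pods at the cluster scope: no RBAC policy matched"'

# Constructed sample (not the repo's rolebinding.yaml): the shape of
# `kubectl get clusterrolebindings,rolebindings -A -o json` output.
BINDINGS_JSON = """
{"items": [
  {"kind": "ClusterRoleBinding", "metadata": {"name": "kube-notary"},
   "roleRef": {"kind": "ClusterRole", "name": "kube-notary"},
   "subjects": [{"kind": "ServiceAccount", "name": "kube-notary", "namespace": "default"}]},
  {"kind": "RoleBinding", "metadata": {"name": "unrelated", "namespace": "test"},
   "roleRef": {"kind": "Role", "name": "viewer"},
   "subjects": [{"kind": "User", "name": "alice"}]}
]}
"""

SA_RE = re.compile(r"system:serviceaccount:([^:\s]+):([A-Za-z0-9.-]+)")


def service_account_from_error(line):
    """Extract (namespace, name) from a 'forbidden' message, or None."""
    m = SA_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


def audit_subjects(bindings, sa_namespace, sa_name):
    """List each binding subject naming sa_name and whether its namespace matches."""
    findings = []
    for b in bindings:
        for s in b.get("subjects") or []:
            if s.get("kind") == "ServiceAccount" and s.get("name") == sa_name:
                findings.append({
                    "binding": f'{b["kind"]}/{b["metadata"]["name"]}',
                    "subject_namespace": s.get("namespace"),
                    "ok": s.get("namespace") == sa_namespace,
                })
    return findings


if __name__ == "__main__":
    ns, name = service_account_from_error(LOG_LINE)
    for f in audit_subjects(json.loads(BINDINGS_JSON)["items"], ns, name):
        verdict = "ok" if f["ok"] else f"MISMATCH: pod runs as {ns}/{name}"
        print(f'{f["binding"]}: subject namespace {f["subject_namespace"]!r} -> {verdict}')
```

An empty result means no binding names the service account at all; a mismatch means the binding grants the role to a same-named account in another namespace.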