Add Service Accounts of "olm" namespace into the privileged SCC
This fix ensures that OLM pods can be deployed into the "olm" namespace
because some pods require to run with specific Security Requirements not
allowed by the default "restricted" SCC.
morucci committed Jun 12, 2024
1 parent daf8def commit 9916689
Showing 1 changed file with 10 additions and 5 deletions.
15 changes: 10 additions & 5 deletions tasks/olm.yaml
Expand Up @@ -21,13 +21,18 @@
failed_when: olm_status.rc not in [0, 1]
changed_when: true

- name: Install OLM with SDK
# Set ns/user to SCC before we run the OLM installation
- name: Ensure privileged SCC for OLM
ansible.builtin.command:
"{{ repo_dir }}/operator-sdk olm install --version {{ olm_version }}"
when: olm_status.rc != 0
oc adm policy add-scc-to-user privileged system:serviceaccount:olm:{{ item }}
changed_when: true
loop:
- "default"
- "operatorhubio-catalog"
- "olm-operator-serviceaccount"

- name: Ensure privileged SCC for OLM
- name: Install OLM with SDK
ansible.builtin.command:
oc adm policy add-scc-to-user privileged system:serviceaccount:olm:default
"{{ repo_dir }}/operator-sdk olm install --version {{ olm_version }}"
when: olm_status.rc != 0
changed_when: true
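Review bot: The loop in "Ensure privileged SCC for OLM" keeps `default` alongside the two named OLM accounts, and `system:serviceaccount:olm:default` is the account any pod in the `olm` namespace runs under when it specifies no service account, so every such pod can be admitted under the `privileged` SCC, not only the OLM components. Consider dropping `default` from the loop unless a specific pod needs it (and say which one in the comment), and check whether an SCC narrower than `privileged` covers the requirements the commit message refers to. The task also has no `when:` and sets `changed_when: true`, so it runs and reports a change on every play, including when `olm_status.rc` is 0; deriving `changed_when` from the command result would keep reruns quiet.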
