Bug 1313556

Summary: Include service account and secret creation in XPAAS templates.
Product: OpenShift Container Platform Reporter: Ryan Howe <rhowe>
Component: TemplatesAssignee: kconner
Status: CLOSED NOTABUG QA Contact: XiuJuan Wang <xiuwang>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.2.0CC: agoldste, aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-28 18:14:28 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Ryan Howe 2016-03-01 21:56:54 UTC 
Description of problem:
Quickstart templates need to create the service account and secret as these templates are meant to be kicked off from the webconsole. Users should not have to access the CLI to create the needed object to use these quickstarts. 


An Example template that requires the creation of  jws-app-secret and jws-service-account is jws30-tomcat8-mysql-s2i template. 



Version-Release number of selected component (if applicable): 3.1.1.6


How reproducible:100%


Steps to Reproduce:
1. oc new-app --template=jws30-tomcat8-mysql-s2i

Actual results:
$ oc status

Errors:
  * The image trigger for dc/jws-app-mysql will have no effect because is/mysql does not exist.
Warnings:
  * rc/jws-app-1 is attempting to mount a secret secret/jws-app-secret disallowed by sa/jws-service-account
  * rc/jws-app-1 is attempting to mount a missing secret secret/jws-app-secret
  * dc/jws-app is attempting to mount a secret secret/jws-app-secret disallowed by sa/jws-service-account
  * dc/jws-app is attempting to mount a missing secret secret/jws-app-secret

Expected results:

The jws-app-secret and jws-service-account gets created with the template. 

Additional info:

https://github.com/jboss-openshift/application-templates/tree/master/docs
https://github.com/jboss-openshift/application-templates
http://ce-docs.usersys.redhat.com/openshift/webserver-tomcat8/3.0/s2i.html
Comment 1 kconner 2016-03-03 01:23:38 UTC 
We considered this however decided not to go down this route since we currently see the service account creation as distinct from the templates, especially as these service accounts contain secrets that we expect the user to create independently of the templates.
Comment 2 Andy Goldstein 2016-03-28 18:14:28 UTC 
Replaced by a docs bz, https://bugzilla.redhat.com/show_bug.cgi?id=1313493.