Bug 2075613

Summary: [DDF] I'm pretty sure that these roles are not needed as this is what the service account that Vault uses, not the
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation
Reporter: Direct Docs Feedback <ddf-bot>
Component: documentation
Assignee: Anjana Suparna Sriram <asriram>
Status: CLOSED CURRENTRELEASE
QA Contact: Neha Berry <nberry>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 4.10
CC: agantony, ocs-bugs, odf-bz-bot, olakra, rgeorge, rspazzol, shan
Target Milestone: ---
Flags: shan: needinfo? (rspazzol)
Target Release: ---
Hardware: All
OS: All
Last Closed: 2022-06-03 13:22:27 UTC

Description Direct Docs Feedback 2022-04-14 17:25:35 UTC
I'm pretty sure that these roles are not needed as this is what the service account that Vault uses, not the service account that is used to authenticate to Vault.

Reported by: rhn-gps-rspazzol

https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.10/html/deploying_openshift_data_foundation_on_vmware_vsphere/deploy-using-dynamic-storage-devices-vmware#annotations:acf98021-a25c-40ad-bbc8-8a688f4af04a

Comment 4 Sébastien Han 2022-05-05 13:35:12 UTC
Agil, when I look at the draft doc I don't see which section this comment is coming from.
Can you help with that?

Thanks

Comment 6 Sébastien Han 2022-05-05 15:15:39 UTC
Agil, this comment is still unclear. I've looked at the current doc and how we deploy our upstream CI, and things look good.
Can we have the author of that comment clarify his/her statement?

Comment 8 raffaele spazzoli 2022-05-11 12:57:06 UTC
The doc says that those role bindings need to be created. It's not true.
Those role bindings are not needed by ODF.
Of course, having them does not break anything.

Comment 10 Sébastien Han 2022-05-18 15:42:00 UTC
(In reply to raffaele spazzoli from comment #8)
> The doc says that those role bindings need to be created. It's not true.
> Those role bindings are not needed by ODF.
> Of course, having them does not break anything.

I'm not sure which bindings you are referring to. Can you be more explicit?
Do you mean step 2 here https://docs.google.com/document/d/1JVCIEuwXwLP0UbbamkoYs9ICi3p5Lycxs4dwLkAPjR4/edit?

This is how Vault recommends it https://www.vaultproject.io/docs/auth/kubernetes#use-the-vault-client-s-jwt-as-the-reviewer-jwt and how our upstream CI makes it work too.
If you have more details, please share; something like why you think ODF doesn't need them will surely help.