Description of problem: When subscribing an operator to cluster scope, there are role and rolebinding generated for each namespace, but no SA generated although the rolebinding bound this SA. [root@preserve-olm-env data]# oc get rolebinding -n default NAME ROLE AGE etcdoperator.v0.9.4-clusterwide Role/etcdoperator.v0.9.4-clusterwide 67s ... name: etcdoperator.v0.9.4-clusterwide subjects: - kind: ServiceAccount name: etcd-operator ... [root@preserve-olm-env data]# oc get sa -n default|grep etcd-operator [root@preserve-olm-env data]# Version-Release number of selected component (if applicable): [root@preserve-olm-env data]# oc version Client Version: 4.7.0-0.nightly-2020-12-04-013308 Server Version: 4.7.0-0.nightly-2020-12-09-012634 Kubernetes Version: v1.19.2+ad738ba How reproducible: always Steps to Reproduce: 1. Install OCP 4.7 and login it as a cluster-admin role. 2. Subscribe the etcd-operator, select the cluster scope. 3. Check the rolebinding, role, SA for each namespace. Actual results: The rolebinding bound to the etcd-operator SA, but there is no corresponding SA(etcd-operator) generated actually. [root@preserve-olm-env data]# oc get rolebinding -n default etcdoperator.v0.9.4-clusterwide -o yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: ... subjects: - kind: ServiceAccount name: etcd-operator [root@preserve-olm-env data]# oc get sa -n default|grep etcd-operator [root@preserve-olm-env data]# Expected results: Should generate the corresponding SA for each namespace that the operator scoped. Additional info:
I guess this issue has been solved by bug 1906134 via "OLM should not create OperatorConditions for copied CSVs" Correct me if I'm wrong, thanks!
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633