I'm pretty sure that these roles are not needed, as this is what the service account that Vault uses, not the service account that is used to authenticate to Vault. Reported by: rhn-gps-rspazzol https://access.redhat.com/documentation/en-us/red_hat_openshift_data_foundation/4.10/html/deploying_openshift_data_foundation_on_vmware_vsphere/deploy-using-dynamic-storage-devices-vmware#annotations:acf98021-a25c-40ad-bbc8-8a688f4af04a
Agil, when I look at the draft doc I don't see which section this comment is coming from. Can you help with that? Thanks
Agil, this comment is still unclear. I've looked at the current doc and how we deploy our upstream CI and things look good. Can we have the author of that comment clarify his/her statement?
The doc says that those role bindings need to be created. It's not true. Those role bindings are not needed by ODF. Of course, having them does not break anything.
(In reply to raffaele spazzoli from comment #8)
> The doc says that those role bindings need to be created. It's not true.
> Those role bindings are not needed by ODF.
> Of course, having them does not break anything.

I'm not sure which bindings you are referring to, can you be more explicit? Do you mean step 2 here https://docs.google.com/document/d/1JVCIEuwXwLP0UbbamkoYs9ICi3p5Lycxs4dwLkAPjR4/edit? This is how Vault recommends it https://www.vaultproject.io/docs/auth/kubernetes#use-the-vault-client-s-jwt-as-the-reviewer-jwt and how our upstream CI makes it work too. If you have more details please share, something like why you think ODF doesn't need them will surely help.