Optional. If you are provisioning a Cognos Analytics instance into a tethered
project, you must apply role bindings to the tethered project before you provision the
instance.
About this task
You must be a cluster administrator to run this procedure.
Complete this procedure before you provision an instance into a tethered project.
For more information about setting up a tethered project, see Tethering projects to the IBM® Software
Hub
control plane.
Procedure
- Create a role with the following format:
cat << EOF | oc apply -n ${PROJECT_CPD_INSTANCE_TETHERED} -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
icpdsupport/addOnId: "cognos-analytics-app"
icpdsupport/app: "cognos-analytics"
icpdsupport/module: "caserviceinstance"
icpdata_tether_resource: "true"
name: cognos-service-provider-role
namespace: ${PROJECT_CPD_INSTANCE_TETHERED}
rules:
- apiGroups:
- ca.cpd.ibm.com
resources:
- caservices
- caserviceinstances
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
EOF
- Apply the role binding to the tethered project with the following format:
cat << EOF | oc apply -n ${PROJECT_CPD_INSTANCE_TETHERED} -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
icpdsupport/addOnId: "cognos-analytics-app"
icpdsupport/app: "cognos-analytics"
icpdsupport/module: "caserviceinstance"
icpdata_tether_resource: "true"
name: cognos-service-provider-rb
namespace: ${PROJECT_CPD_INSTANCE_TETHERED}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: cognos-service-provider-role
subjects:
- kind: ServiceAccount
name: cognos-analytics-sp-sa
namespace: ${PROJECT_CPD_INST_OPERANDS}
EOF