Service Account Clarification (scc permissions) for OpenShift #219
Description
Is this a BUG or FEATURE REQUEST?:
Did you review https://istio.io/help/ and existing issues to identify if this is already solved or being worked on?: Y
Bug:
Y
What Version of Istio and Kubernetes are you using, where did you get Istio from, Installation details
istioctl version
Version: 0.5.1
GitRevision: 30acfe6528107ea333543309095659b93364b30d
User: root@2e4a18076b04
Hub: docker.io/istio
GolangVersion: go1.9
BuildStatus: Clean
kubectl version
Client Version: version.Info{Major:"1", Minor:"9", GitVersion:"v1.9.2", GitCommit:"5fa2db2bd46ac79e5e00a4e6ed24191080aa463b", GitTreeState:"clean", BuildDate:"2018-01-18T10:09:24Z", GoVersion:"go1.9.2", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.6+a08f5eeb62", GitCommit:"c84beff", GitTreeState:"clean", BuildDate:"2017-12-06T20:03:39Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Is Istio Auth enabled or not?
No
What happened:
Can anyone update the guidelines or what other permissions and service accounts are needed to run Istio in OpenShift? It says in the guide that the following are needed:
oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account -n istio-system
oc adm policy add-scc-to-user anyuid -z istio-grafana-service-account -n istio-system
oc adm policy add-scc-to-user anyuid -z istio-prometheus-service-account -n istio-system
However, the 0.5.1 build has no istio-prometheus-service-account user. Instead, it has the prometheus service account, and there is no istio-grafana-service-account from what I can see examining the 0.5.1 release as well as checking in the oc CLI. Clarification is needed on this part. I would be glad to help in any way I can, even contribute to the project.
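
An added example, not part of the original issue or of Istio's own tooling: a check that compares the service accounts named in the guide's `add-scc-to-user` commands with the ones a release manifest defines, so `anyuid` is granted only to accounts that exist. The manifest fragment is constructed to mirror the reporter's description, and the function names are hypothetical.

```shell
# Constructed sample manifest mirroring what the issue reports for 0.5.1
# (not the real release file): two ServiceAccounts and one unrelated Service.
MANIFEST='kind: ServiceAccount
metadata:
  name: istio-ingress-service-account
---
kind: ServiceAccount
metadata:
  name: prometheus
---
kind: Service
metadata:
  name: grafana'

# The three commands the issue quotes from the guide.
GUIDE='oc adm policy add-scc-to-user anyuid -z istio-ingress-service-account -n istio-system
oc adm policy add-scc-to-user anyuid -z istio-grafana-service-account -n istio-system
oc adm policy add-scc-to-user anyuid -z istio-prometheus-service-account -n istio-system'

# Print the name of each ServiceAccount document in a manifest read from stdin.
defined_service_accounts() {
  awk '
    function emit() {
      if (kind == "ServiceAccount" && name != "") print name
      kind = ""; name = ""; in_meta = 0
    }
    /^---/       { emit(); next }
    /^kind:/     { kind = $2 }
    /^metadata:/ { in_meta = 1; next }
    /^[^ ]/      { in_meta = 0 }          # any other top-level key ends metadata
    in_meta && /^  name:/ { name = $2 }   # metadata.name only, not nested names
    END          { emit() }
  '
}

# Print the account passed with -z in each add-scc-to-user command on stdin.
granted_service_accounts() {
  awk '/add-scc-to-user/ { for (i = 1; i < NF; i++) if ($i == "-z") print $(i + 1) }'
}

# Accounts the guide grants an SCC to that the manifest ($1) never defines.
undefined_grants() {
  defined=$(printf '%s\n' "$1" | defined_service_accounts | sort -u)
  printf '%s\n' "$2" | granted_service_accounts | sort -u |
    grep -vxF -e "$defined" || true
}

undefined_grants "$MANIFEST" "$GUIDE"
```

Against a live cluster, the first argument can instead be built from the cluster's actual service accounts in `istio-system`, with each reported name reviewed before any SCC is granted to it.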