Rolebindings are not cleaned up after project is deleted.

Solution Verified - Updated -

Issue

  • When a binding crosses namespaces is created, the deletion of the project will not remove its binding with other project.
    For ex: Create 2 projects : "A" and "B". Then give the project "B" the system:image-puller role on the project "A". Then delete the project "B". Then inspect rolebindings of project "A", notice that it still has the rolebinding for project A even though it doesn't exist.
# oc policy add-role-to-group system:image-puller system:serviceaccounts:ProjectB -n ProjectA
# oc delete project ProjectB
# oc get rolebinding -n ProjectA

Environment

  • OpenShift Container Platform 3.6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content