Examples when Subscription Admin needs to be enabled in RHACM-Gitops scenarios

Solution Verified - Updated -

Issue

There are three scenarios where Subscription-Admin needs to be applied:

  1. You have a Subscription which subscribes to an Application which is creating objects in namespaces other than the Subscription itself.
  2. You are going to overwrite existing kubernetes-objects which have not been created by the subscription before (for example adding a label to a node object) .
  3. starting with ACM 2.4 Policies residing in git will not be deployed.

Further explanation.

  1. In usecase one per default all objects are created in the same namespace as the subscription.

  2. In usecase two, you would get the following error when checking the status of the subscription :
    Obj exists and owned by others, backoff

  3. usecase three is a Security Feature to not simply deploy policies without this additional step. You need to setup Subscription-Admin on the Hub. Use this policy and adjust the user.

Environment

RHACM 2.3,2.4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content