There are three scenarios where
Subscription-Admin needs to be applied:
- You have a Subscription which subscribes to an Application which is creating objects in namespaces other than the Subscription itself.
- You are going to overwrite existing kubernetes-objects which have not been created by the subscription before (for example adding a label to a node object) .
- starting with ACM 2.4 Policies residing in git will not be deployed.
In usecase one per default all objects are created in the same namespace as the subscription.
In usecase two, you would get the following error when checking the status of the subscription :
Obj exists and owned by others, backoff
usecase three is a Security Feature to not simply deploy policies without this additional step. You need to setup Subscription-Admin on the Hub. Use this policy and adjust the user.
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.