In OpenShift 3, each of our namespaces could pull images from the tools namespace and this was easily done in the UI using the membership page. But in OCP4, in trying to "create binding", it is not straight-forward to select system:image-puller as a role nor a default namespace ServiceAccount as subject.
In OCP4, use oc policy add-role-to-user to grant permissions; remember that when granting access from a different account you need the fully qualified name.
In OpenShift 3, each of our namespaces could pull images from the tools namespace and this was easily done in the UI using the membership page. But in OCP4, in trying to "create binding", it is not straight-forward to select
system:image-pulleras a role nor adefaultnamespace ServiceAccount as subject.In OCP4, use
oc policy add-role-to-userto grant permissions; remember that when granting access from a different account you need the fully qualified name.RocketChat Reference(s):