SharedConfigMap allows a ConfigMap to be shared across namespaces. Pods can mount the shared ConfigMap by adding a CSI volume to the pod specification using the "csi.sharedresource.openshift.io" CSI driver and a reference to the SharedConfigMap in the volume attributes:
spec: volumes: - name: shared-configmap csi: driver: csi.sharedresource.openshift.io volumeAttributes: sharedConfigMap: my-share
For the mount to be successful, the pod’s service account must be granted permission to 'use' the named SharedConfigMap object within its namespace with an appropriate Role and RoleBinding. For compactness, here are example oc
invocations for creating such Role and RoleBinding objects.
oc create role shared-resource-my-share --verb=use --resource=sharedconfigmaps.sharedresource.openshift.io --resource-name=my-share
oc create rolebinding shared-resource-my-share --role=shared-resource-my-share --serviceaccount=my-namespace:default
Shared resource objects, in this case ConfigMaps, have default permissions of list, get, and watch for system authenticated users.
Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. These capabilities should not be used by applications needing long term support.