This topic describes known limitations and default resource mapping.
desired-namespaces ConfigMap that does not exist on the cluster, the provisioner application fails to reconcile and cannot create resources.desired-namespaces ConfigMap, un-label all the namespaces provisioned by Namespace Provisionerdesired-namespaces ConfigMap, set the list of namespaces to an empty list.Namespace Provisioner is installed as part of the standard installation profiles (i.e. Full, Iterate, Build, and Run) and the default set of resources provisioned in a namespace is based on a combination of the installation profile employed and the supply chain that is installed on the cluster. The following table shows the list of resources that are templated in the default-resources Secret for an installation profile and supply chain value combination:
| Namespace | Kind | Name | supply_chain | Install Profile | Reconcile |
|---|---|---|---|---|---|
| tap-install | PackageInstall | grype-scanner-{ns} | testing_scanning | full, build | Yes |
| tap-install | Secret | grype-scanner-{ns} | testing_scanning | full, build | Yes |
| Developer Namespace | Secret | registries-credentials | n/a | full, iterate, build, run | Yes |
| Developer Namespace | ServiceAccount | From: ootb_supply_chain_{supply_chain}.service_account (default: “default”) | n/a | full, iterate, build, run | No |
| Developer Namespace | ServiceAccount | From: ootb_delivery_basic.service_account (default: “default”) | n/a | full, iterate, run | No |
| Developer Namespace | RoleBinding | default-permit-deliverable | n/a | full, iterate, run | Yes |
| Developer Namespace | RoleBinding | default-permit-workload | n/a | full, iterate, build | Yes |
Note For Install OOTB Supply Chain with Testing and Scanning, see Extending the default provisioned resources.
