Fixes eclipse-che#16534

* explicitly specify the namespace in the role reference when creating
  che workspace service account role bindings in openshift infra
* create the roles in the namespace, not as cluster roles in k8s infra

Signed-off-by: Lukas Krejci <[email protected]>

infrastructures/kubernetes/src/main/java/org/eclipse/che/workspace/infrastructure/kubernetes/namespace/KubernetesWorkspaceServiceAccount.java

@@ -76,14 +76,12 @@ void prepare() throws InfrastructureException {
     }
 
     String execRoleName = "exec";
-    if (k8sClient.rbac().clusterRoles().inNamespace(namespace).withName(execRoleName).get()
-        == null) {
+    if (k8sClient.rbac().roles().inNamespace(namespace).withName(execRoleName).get() == null) {
       createExecRole(k8sClient, execRoleName);
     }
 
     String viewRoleName = "workspace-view";
-    if (k8sClient.rbac().clusterRoles().inNamespace(namespace).withName(viewRoleName).get()
-        == null) {
+    if (k8sClient.rbac().roles().inNamespace(namespace).withName(viewRoleName).get() == null) {
       createViewRole(k8sClient, viewRoleName);
     }
 

infrastructures/openshift/src/main/java/org/eclipse/che/workspace/infrastructure/openshift/project/OpenShiftWorkspaceServiceAccount.java

@@ -150,6 +150,7 @@ private OpenshiftRoleBinding createViewRoleBinding() {
         .endMetadata()
         .withNewRoleRef()
         .withName("workspace-view")
+        .withNamespace(projectName)
         .endRoleRef()
         .withSubjects(
             new ObjectReferenceBuilder()
@@ -167,6 +168,7 @@ private OpenshiftRoleBinding createExecRoleBinding() {
         .endMetadata()
         .withNewRoleRef()
         .withName("exec")
+        .withNamespace(projectName)
         .endRoleRef()
         .withSubjects(
             new ObjectReferenceBuilder()