Skip to content

Commit

Permalink
feat(rbac): use real ServiceAccount instead of default
Browse files Browse the repository at this point in the history
  • Loading branch information
@cwrau
cwrau committed May 14, 2024
1 parent 22b3a28 commit a4db00b
Show file tree
Hide file tree
Showing 7 changed files with 25 additions and 4 deletions.
2 changes: 2 additions & 0 deletions config/manager/manager.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ spec:
labels:
control-plane: controller-manager
spec:
serviceAccountName: manager
automountServiceAccountToken: true
containers:
- command:
- /manager
Expand Down
1 change: 1 addition & 0 deletions config/rbac/kustomization.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,3 +3,4 @@ resources:
- role_binding.yaml
- leader_election_role.yaml
- leader_election_role_binding.yaml
- service_account.yaml
2 changes: 1 addition & 1 deletion config/rbac/leader_election_role_binding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ roleRef:
name: leader-election-role
subjects:
- kind: ServiceAccount
name: default
name: manager
namespace: system
2 changes: 1 addition & 1 deletion config/rbac/role_binding.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,5 @@ roleRef:
name: manager-role
subjects:
- kind: ServiceAccount
name: default
name: manager
namespace: system
5 changes: 5 additions & 0 deletions config/rbac/service_account.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: manager
namespace: system
2 changes: 2 additions & 0 deletions hack/charts/cluster-api-operator/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,8 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
serviceAccountName: capi-operator-manager
automountServiceAccountToken: true
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
Expand Down
15 changes: 13 additions & 2 deletions test/e2e/resources/full-chart-install.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,14 @@
---
# Source: cluster-api-operator/templates/operator-components.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
clusterctl.cluster.x-k8s.io/core: capi-operator
name: capi-operator-manager
namespace: 'default'
---
# Source: cluster-api-operator/templates/operator-components.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
Expand Down Expand Up @@ -17702,7 +17711,7 @@ roleRef:
name: capi-operator-manager-role
subjects:
- kind: ServiceAccount
name: default
name: capi-operator-manager
namespace: 'default'
---
# Source: cluster-api-operator/templates/operator-components.yaml
Expand Down Expand Up @@ -17767,7 +17776,7 @@ roleRef:
name: capi-operator-leader-election-role
subjects:
- kind: ServiceAccount
name: default
name: capi-operator-manager
namespace: 'default'
---
# Source: cluster-api-operator/templates/operator-components.yaml
Expand Down Expand Up @@ -17818,6 +17827,8 @@ spec:
control-plane: controller-manager
clusterctl.cluster.x-k8s.io/core: capi-operator
spec:
serviceAccountName: capi-operator-manager
automountServiceAccountToken: true
containers:
- args:
- --v=2
Expand Down

0 comments on commit a4db00b

Please sign in to comment.