diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go
index a492a85e2..9162ce27d 100644
--- a/pkg/controller/controller.go
+++ b/pkg/controller/controller.go
@@ -58,7 +58,6 @@ type Controller struct {
 PodServiceAccount *v1.ServiceAccount
 PodServiceAccountRoleBinding *rbacv1beta1.RoleBinding
- namespacesWithDefinedRBAC sync.Map
 }
 // NewController creates a new controller
diff --git a/pkg/controller/postgresql.go b/pkg/controller/postgresql.go
index 5b76af12f..8e8f9ae85 100644
--- a/pkg/controller/postgresql.go
+++ b/pkg/controller/postgresql.go
@@ -493,17 +493,16 @@ func (c *Controller) postgresqlDelete(obj interface{}) {
 }
 /*
- Ensures the pod service account and role bindings exists in a namespace before a PG cluster is created there so that a user does not have to deploy these credentials manually.
- StatefulSets require the service account to create pods; Patroni requires relevant RBAC bindings to access endpoints.
+ Ensures the pod service account and role bindings exists in a namespace
+ before a PG cluster is created there so that a user does not have to deploy
+ these credentials manually. StatefulSets require the service account to
+ create pods; Patroni requires relevant RBAC bindings to access endpoints.
 The operator does not sync accounts/role bindings after creation.
 */
 func (c *Controller) submitRBACCredentials(event ClusterEvent) error {
 namespace := event.NewSpec.GetNamespace()
- if _, ok := c.namespacesWithDefinedRBAC.Load(namespace); ok {
- return nil
- }
 if err := c.createPodServiceAccount(namespace); err != nil {
 return fmt.Errorf("could not create pod service account %v : %v", c.opConfig.PodServiceAccountName, err)
@@ -512,7 +511,6 @@ func (c *Controller) submitRBACCredentials(event ClusterEvent) error {
 if err := c.createRoleBindings(namespace); err != nil {
 return fmt.Errorf("could not create role binding %v : %v", c.PodServiceAccountRoleBinding.Name, err)
 }
- c.namespacesWithDefinedRBAC.Store(namespace, true)
 return nil
 }
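Review bot: The block comment above submitRBACCredentials in pkg/controller/postgresql.go (hunk at -493) was rewrapped but not updated for the behaviour change: with the namespacesWithDefinedRBAC short-circuit removed here and in the hunk at -512, createPodServiceAccount and createRoleBindings now run on every call. Those helpers are outside the diff, so it cannot be confirmed from here that they treat an already-existing service account or role binding as success; if they do not, every event after the first in a namespace would return an error. I would state the contract in the comment, in godoc form, e.g. `// submitRBACCredentials ensures the pod service account and role binding exist in the event's namespace; it runs on every call, so both create helpers must tolerate existing objects.` The existing sentence that accounts and role bindings are not synced after creation should stay, since it tells the reader that a binding changed in the cluster is left as it is.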