From 6fbfee3903d74e604ebbe8077409810d68536991 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Inge=20Bols=C3=B8?= Date: Fri, 14 Jun 2019 14:24:23 +0200 Subject: [PATCH] decouple clusterrole name and serviceaccount name (#581) Decouple clusterrole name and service account name. --- pkg/controller/controller.go | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 2d814fd14..a492a85e2 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -197,25 +197,25 @@ func (c *Controller) initRoleBinding() { // operator binds it to the cluster role with sufficient privileges // we assume the role is created by the k8s administrator if c.opConfig.PodServiceAccountRoleBindingDefinition == "" { - c.opConfig.PodServiceAccountRoleBindingDefinition = ` + c.opConfig.PodServiceAccountRoleBindingDefinition = fmt.Sprintf(` { "apiVersion": "rbac.authorization.k8s.io/v1beta1", "kind": "RoleBinding", "metadata": { - "name": "zalando-postgres-operator" + "name": "%s" }, "roleRef": { "apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", - "name": "zalando-postgres-operator" + "name": "%s" }, "subjects": [ { "kind": "ServiceAccount", - "name": "operator" + "name": "%s" } ] - }` + }`, c.PodServiceAccount.Name, c.PodServiceAccount.Name, c.PodServiceAccount.Name) } c.logger.Info("Parse role bindings") // re-uses k8s internal parsing. See k8s client-go issue #193 for explanation @@ -230,9 +230,6 @@ func (c *Controller) initRoleBinding() { default: c.PodServiceAccountRoleBinding = obj.(*rbacv1beta1.RoleBinding) c.PodServiceAccountRoleBinding.Namespace = "" - c.PodServiceAccountRoleBinding.ObjectMeta.Name = c.PodServiceAccount.Name - c.PodServiceAccountRoleBinding.RoleRef.Name = c.PodServiceAccount.Name - c.PodServiceAccountRoleBinding.Subjects[0].Name = c.PodServiceAccount.Name c.logger.Info("successfully parsed") }