From a9265155307a67c68aefdcb238d86f19b5485598 Mon Sep 17 00:00:00 2001
From: Sergey Dudoladov <sergey.dudoladov@zalando.de>
Date: Wed, 16 May 2018 15:28:45 +0200
Subject: [PATCH] Employ RBAC when run on minikube

---
 README.md                     | 10 +++++-----
 manifests/operator-rbac.yaml  |  7 +++++++
 manifests/serviceaccount.yaml |  4 ----
 run_operator_locally.sh       |  2 +-
 4 files changed, 13 insertions(+), 10 deletions(-)
 delete mode 100644 manifests/serviceaccount.yaml

diff --git a/README.md b/README.md
index 0f328a6da..10bd8a513 100644
--- a/README.md
+++ b/README.md
@@ -47,17 +47,17 @@ kubectl create -f manifests/postgres-operator.yaml # create  postgres-operator d
 kubectl create -f manifests/minimal-postgres-manifest.yaml # submit a PG cluster
 ```
 
+Tear down cleanly:
+```bash
+minikube delete
+```
+
 We have automated these steps for you:
 ```bash
 cd postgres-operator
 ./run_operator_locally.sh
 ```
 
-Tear down cleanly:
-```bash
-minikube delete
-```
-
 ## Scope
 
 The scope of the postgres operator is on provisioning, modifying configuration and cleaning up Postgres clusters that use Patroni, basically to make it easy and convenient to run Patroni based clusters on Kubernetes.
diff --git a/manifests/operator-rbac.yaml b/manifests/operator-rbac.yaml
index f659da615..e20a2ecd4 100644
--- a/manifests/operator-rbac.yaml
+++ b/manifests/operator-rbac.yaml
@@ -112,6 +112,13 @@ rules:
   - create
   - delete
   - get
+- apiGroups:
+  - ""
+  resources:
+  - serviceaccounts
+  verbs:
+  - get
+  - create
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
diff --git a/manifests/serviceaccount.yaml b/manifests/serviceaccount.yaml
deleted file mode 100644
index 5b9d50558..000000000
--- a/manifests/serviceaccount.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: operator
diff --git a/run_operator_locally.sh b/run_operator_locally.sh
index 6c5f15a9f..4fcbe46e2 100755
--- a/run_operator_locally.sh
+++ b/run_operator_locally.sh
@@ -134,7 +134,7 @@ function start_operator(){
 
     # the order of resource initialization is significant
     local file
-    for file  in "configmap.yaml" "serviceaccount.yaml"
+    for file  in "configmap.yaml" "operator-rbac.yaml"
     do
         retry "kubectl  create -f manifests/\"$file\"" "attempt to create $file resource"
     done