Note that the account here is named zalando-postgres-operator and not the 'operator' default that is created in the serviceaccount.yaml and also used by the operator configmap to create new postgres clusters. This is done intentionally, so as to avoid breaking those setups that already work. Ideally, the operator should be run under the zalando-postgres-operator service account. However, the service account used to run Postgres clusters does not require all those privileges and is described at https://github.com/zalando/patroni/blob/master/kubernetes/patroni_k8s.yaml. The service account defined here acquires some privileges not really used by the operator (i.e. we only need list and watch on configmaps); this is also done intentionally to avoid breaking things if someone decides to configure the same service account in the operator's configmap to run postgres clusters. Documentation and further testing by @zerg-junior

| File |
|---|
| complete-postgres-manifest.yaml |
| configmap.yaml |
| fake-teams-api.yaml |
| infrastructure-roles-configmap.yaml |
| infrastructure-roles.yaml |
| minimal-postgres-manifest.yaml |
| operator-rbac.yaml |
| platform-credentials.yaml |
| postgres-operator.yaml |
| serviceaccount.yaml |