Skip to content

Commit ea4d9be

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #244 from yevgeny-shnaidman/yevgeny/manager-service-account
Using dedicated ServiceAccount for manager pod
2 parents f3b2307 + e5ce843 commit ea4d9be

9 files changed

+18
-239
lines changed

config/manager/manager.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,7 @@ spec:
2222
labels:
2323
control-plane: nfd-controller-manager
2424
spec:
25+
serviceAccountName: nfd-manager
2526
containers:
2627
- name: manager
2728
securityContext:

config/rbac/auth_proxy/role_binding.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,5 +8,5 @@ roleRef:
88
name: nfd-proxy-role
99
subjects:
1010
- kind: ServiceAccount
11-
name: default
11+
name: nfd-manager
1212
namespace: node-feature-discovery-operator

config/rbac/core/leader_election_role_binding.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,5 +8,5 @@ roleRef:
88
name: nfd-leader-election-role
99
subjects:
1010
- kind: ServiceAccount
11-
name: default
11+
name: nfd-manager
1212
namespace: node-feature-discovery-operator

config/rbac/core/manager_role.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ apiVersion: rbac.authorization.k8s.io/v1
33
kind: ClusterRole
44
metadata:
55
creationTimestamp: null
6-
name: nfd-manager-role
6+
name: nfd-manager
77
rules:
88
- apiGroups:
99
- ""

config/rbac/core/manager_role.yaml.working

Lines changed: 0 additions & 233 deletions
This file was deleted.

config/rbac/core/manager_role_binding.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
apiVersion: rbac.authorization.k8s.io/v1
22
kind: ClusterRoleBinding
33
metadata:
4-
name: nfd-manager-rolebinding
4+
name: nfd-manager
55
roleRef:
66
apiGroup: rbac.authorization.k8s.io
77
kind: ClusterRole
8-
name: nfd-manager-role
8+
name: nfd-manager
99
subjects:
1010
- kind: ServiceAccount
11-
name: default
11+
name: nfd-manager
1212
namespace: node-feature-discovery-operator

config/rbac/kustomization.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ resources:
88
- prune/
99
- topologyupdater/
1010
- worker/
11+
- manager/
1112
# Comment the following line if you want to disable
1213
# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
1314
# which protects your /metrics endpoint.

config/rbac/manager/kustomization.yaml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
apiVersion: kustomize.config.k8s.io/v1beta1
2+
kind: Kustomization
3+
4+
resources:
5+
- sa.yaml

config/rbac/manager/sa.yaml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
apiVersion: v1
2+
kind: ServiceAccount
3+
metadata:
4+
name: nfd-manager
5+
namespace: node-feature-discovery-operator

0 commit comments

Comments
 (0)