Skip to content

[enterprise-4.8] Rm substep level in svc account step #34163

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
vikram-redhat merged 1 commit into from
Jun 30, 2021
Merged

[enterprise-4.8] Rm substep level in svc account step #34163

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 6 additions & 10 deletions modules/osdk-upgrading-v130-to-v180.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -457,13 +457,9 @@ endif
----
====

. Make the following changes to your `config/rbac/service_account.yaml` file:
. Add a `system:controller-manager` service account to your project. A non-default service account `controller-manager` is now generated by the `operator-sdk init` command to improve security for Operators installed in shared namespaces. To add this service account to your existing project, follow these steps:

.. Add a `system:controller-manager` service account to your project.
+
A non-default service account `controller-manager` is now generated by the `operator-sdk init` command to improve security for Operators installed in shared namespaces. To add this service account to your existing project, follow these steps:

... Create the `ServiceAccount` definition in a file:
.. Create the `ServiceAccount` definition in a file:
+
.`config/rbac/service_account.yaml` file
[%collapsible]
Expand All @@ -478,28 +474,28 @@ metadata:
----
====

... Add the service account to the list of RBAC resources:
.. Add the service account to the list of RBAC resources:
+
[source,terminal]
----
$ echo "- service_account.yaml" >> config/rbac/kustomization.yaml
----

... Update all `RoleBinding` and `ClusterRoleBinding` objects that reference the Operator's service account:
.. Update all `RoleBinding` and `ClusterRoleBinding` objects that reference the Operator's service account:
+
[source,terminal]
----
$ find config/rbac -name *_binding.yaml -exec sed -i -E 's/ name: default/ name: controller-manager/g' {} \;
----

... Add the service account name to the manager deployment's `spec.template.spec.serviceAccountName` field:
.. Add the service account name to the manager deployment's `spec.template.spec.serviceAccountName` field:
+
[source,terminal]
----
$ sed -i -E 's/([ ]+)(terminationGracePeriodSeconds:)/\1serviceAccountName: controller-manager\n\1\2/g' config/manager/manager.yaml
----

... Verify the changes look like the following diffs:
.. Verify the changes look like the following diffs:
+
.`config/manager/manager.yaml` file diff
[%collapsible]
Expand Down