diff --git a/pkg/plugins/golang/v3/scaffolds/init.go b/pkg/plugins/golang/v3/scaffolds/init.go index fd07927d4a1..c9f9d8fb471 100644 --- a/pkg/plugins/golang/v3/scaffolds/init.go +++ b/pkg/plugins/golang/v3/scaffolds/init.go @@ -105,6 +105,7 @@ func (s *initScaffolder) scaffold() error { &rbac.RoleBinding{}, &rbac.LeaderElectionRole{}, &rbac.LeaderElectionRoleBinding{}, + &rbac.ServiceAccount{}, &manager.Kustomization{}, &manager.Config{Image: imageName}, &manager.ControllerManagerConfig{}, diff --git a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/manager/config.go b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/manager/config.go index 96663a7a6c9..f8657a4401d 100644 --- a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/manager/config.go +++ b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/manager/config.go @@ -100,5 +100,6 @@ spec: requests: cpu: 100m memory: 20Mi + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 ` diff --git a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go index 3834de9bce4..5003d1e4d8d 100644 --- a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go +++ b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/auth_proxy_role_binding.go @@ -50,6 +50,6 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system ` diff --git a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/kustomization.go b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/kustomization.go index 0966bd6d5d9..001bcdfd7ae 100644 --- a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/kustomization.go +++ b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/kustomization.go @@ -43,6 +43,12 @@ func (f *Kustomization) SetTemplateDefaults() error { } const kustomizeRBACTemplate = `resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# targets if changing service account names. +- service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml diff --git a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go index 8c67aac8a54..c523bed20f6 100644 --- a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go +++ b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/leader_election_role_binding.go @@ -50,6 +50,6 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system ` diff --git a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/role_binding.go b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/role_binding.go index 40f1bd783e1..5407455f47d 100644 --- a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/role_binding.go +++ b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/role_binding.go @@ -50,6 +50,6 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system ` diff --git a/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/service_account.go b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/service_account.go new file mode 100644 index 00000000000..cc33daf3e41 --- /dev/null +++ b/pkg/plugins/golang/v3/scaffolds/internal/templates/config/rbac/service_account.go @@ -0,0 +1,48 @@ +/* +Copyright 2021 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package rbac + +import ( + "path/filepath" + + "sigs.k8s.io/kubebuilder/v3/pkg/model/file" +) + +var _ file.Template = &ServiceAccount{} + +// ServiceAccount scaffolds a file that defines the service account the manager is deployed in. +type ServiceAccount struct { + file.TemplateMixin +} + +// SetTemplateDefaults implements file.Template +func (f *ServiceAccount) SetTemplateDefaults() error { + if f.Path == "" { + f.Path = filepath.Join("config", "rbac", "service_account.yaml") + } + + f.TemplateBody = serviceAccountTemplate + + return nil +} + +const serviceAccountTemplate = `apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system +` diff --git a/test/e2e/ci.sh b/test/e2e/ci.sh index e09ae41b8e0..d6fe18c0db3 100755 --- a/test/e2e/ci.sh +++ b/test/e2e/ci.sh @@ -17,8 +17,8 @@ source "$(dirname "$0")/../common.sh" source "$(dirname "$0")/setup.sh" -kind_cluster="kind" -create_cluster ${KIND_K8S_VERSION} $kind_cluster +export KIND_CLUSTER="kind" +create_cluster ${KIND_K8S_VERSION} trap delete_cluster EXIT test_cluster diff --git a/test/e2e/local.sh b/test/e2e/local.sh index 0d0d82e0249..51eaf993d38 100755 --- a/test/e2e/local.sh +++ b/test/e2e/local.sh @@ -17,13 +17,13 @@ source "$(dirname "$0")/../common.sh" source "$(dirname "$0")/setup.sh" -kind_cluster=local-kubebuilder-e2e -create_cluster ${KIND_K8S_VERSION:-v1.18.0} $kind_cluster +export KIND_CLUSTER="local-kubebuilder-e2e" +create_cluster ${KIND_K8S_VERSION:-v1.18.0} if [ -z "${SKIP_KIND_CLEANUP:-}" ]; then - trap delete_cluster EXIT + trap delete_cluster EXIT fi -kind export kubeconfig --kubeconfig $tmp_root/kubeconfig --name $kind_cluster +kind export kubeconfig --kubeconfig $tmp_root/kubeconfig --name $KIND_CLUSTER export KUBECONFIG=$tmp_root/kubeconfig test_cluster -v -ginkgo.v diff --git a/test/e2e/setup.sh b/test/e2e/setup.sh index e0146ebe73f..dc8418575cb 100755 --- a/test/e2e/setup.sh +++ b/test/e2e/setup.sh @@ -23,10 +23,12 @@ install_kind # # Usage: # -# create_cluster +# export KIND_CLUSTER= +# create_cluster function create_cluster { - if ! kind get clusters | grep -q $2 ; then - kind create cluster -v 4 --name $2 --retain --wait=1m --config $(dirname "$0")/kind-config.yaml --image=kindest/node:$1 + : ${KIND_CLUSTER:?"KIND_CLUSTER must be set"} + if ! kind get clusters | grep -q $KIND_CLUSTER ; then + kind create cluster -v 4 --name $KIND_CLUSTER --retain --wait=1m --config $(dirname "$0")/kind-config.yaml --image=kindest/node:$1 fi } @@ -35,10 +37,11 @@ function create_cluster { # # Usage: # -# kind_cluster= +# export KIND_CLUSTER= # delete_cluster function delete_cluster { - kind delete cluster --name $kind_cluster + : ${KIND_CLUSTER:?"KIND_CLUSTER must be set"} + kind delete cluster --name $KIND_CLUSTER } function test_cluster { diff --git a/test/e2e/utils/kubectl.go b/test/e2e/utils/kubectl.go index b963de7dac0..40e6f79b93e 100644 --- a/test/e2e/utils/kubectl.go +++ b/test/e2e/utils/kubectl.go @@ -27,7 +27,8 @@ import ( // Kubectl contains context to run kubectl commands type Kubectl struct { *CmdContext - Namespace string + Namespace string + ServiceAccount string } // Command is a general func to run kubectl commands diff --git a/test/e2e/utils/test_context.go b/test/e2e/utils/test_context.go index c37949d3ec0..57e72b70cb7 100644 --- a/test/e2e/utils/test_context.go +++ b/test/e2e/utils/test_context.go @@ -56,8 +56,9 @@ func NewTestContext(binaryName string, env ...string) (*TestContext, error) { // Use kubectl to get Kubernetes client and cluster version. kubectl := &Kubectl{ - Namespace: fmt.Sprintf("e2e-%s-system", testSuffix), - CmdContext: cc, + Namespace: fmt.Sprintf("e2e-%s-system", testSuffix), + ServiceAccount: fmt.Sprintf("e2e-%s-controller-manager", testSuffix), + CmdContext: cc, } k8sVersion, err := kubectl.Version() if err != nil { diff --git a/test/e2e/v3/plugin_cluster_test.go b/test/e2e/v3/plugin_cluster_test.go index 589b94cb3c0..e03d6a8e46e 100644 --- a/test/e2e/v3/plugin_cluster_test.go +++ b/test/e2e/v3/plugin_cluster_test.go @@ -69,6 +69,11 @@ var _ = Describe("kubebuilder", func() { }) It("should generate a runnable project", func() { + // go/v3 uses a unqiue-per-project service account name, + // while go/v2 still uses "default". + tmp := kbc.Kubectl.ServiceAccount + kbc.Kubectl.ServiceAccount = "default" + defer func() { kbc.Kubectl.ServiceAccount = tmp }() GenerateV2(kbc) Run(kbc) }) @@ -166,7 +171,7 @@ func Run(kbc *utils.TestContext) { _, err = kbc.Kubectl.Command( "create", "clusterrolebinding", fmt.Sprintf("metrics-%s", kbc.TestSuffix), fmt.Sprintf("--clusterrole=e2e-%s-metrics-reader", kbc.TestSuffix), - fmt.Sprintf("--serviceaccount=%s:default", kbc.Kubectl.Namespace)) + fmt.Sprintf("--serviceaccount=%s:%s", kbc.Kubectl.Namespace, kbc.Kubectl.ServiceAccount)) ExpectWithOffset(1, err).NotTo(HaveOccurred()) _ = curlMetrics(kbc) @@ -263,7 +268,11 @@ func Run(kbc *utils.TestContext) { // curlMetrics curl's the /metrics endpoint, returning all logs once a 200 status is returned. func curlMetrics(kbc *utils.TestContext) string { By("reading the metrics token") - b64Token, err := kbc.Kubectl.Get(true, "secrets", "-o=jsonpath={.items[0].data.token}") + // Filter token query by service account in case more than one exists in a namespace. + query := fmt.Sprintf(`{.items[?(@.metadata.annotations.kubernetes\.io/service-account\.name=="%s")].data.token}`, + kbc.Kubectl.ServiceAccount, + ) + b64Token, err := kbc.Kubectl.Get(true, "secrets", "-o=jsonpath="+query) ExpectWithOffset(2, err).NotTo(HaveOccurred()) token, err := base64.StdEncoding.DecodeString(strings.TrimSpace(b64Token)) ExpectWithOffset(2, err).NotTo(HaveOccurred()) @@ -271,10 +280,11 @@ func curlMetrics(kbc *utils.TestContext) string { By("creating a curl pod") cmdOpts := []string{ - "run", "--generator=run-pod/v1", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", "--", + "run", "--generator=run-pod/v1", "curl", "--image=curlimages/curl:7.68.0", "--restart=OnFailure", + "--serviceaccount=" + kbc.Kubectl.ServiceAccount, "--", "curl", "-v", "-k", "-H", fmt.Sprintf(`Authorization: Bearer %s`, token), - fmt.Sprintf("https://e2e-%v-controller-manager-metrics-service.e2e-%v-system.svc:8443/metrics", - kbc.TestSuffix, kbc.TestSuffix), + fmt.Sprintf("https://e2e-%s-controller-manager-metrics-service.%s.svc:8443/metrics", + kbc.TestSuffix, kbc.Kubectl.Namespace), } _, err = kbc.Kubectl.CommandInNamespace(cmdOpts...) ExpectWithOffset(2, err).NotTo(HaveOccurred()) diff --git a/testdata/project-v3-addon/config/manager/manager.yaml b/testdata/project-v3-addon/config/manager/manager.yaml index 46a82393bfd..79adfe72a55 100644 --- a/testdata/project-v3-addon/config/manager/manager.yaml +++ b/testdata/project-v3-addon/config/manager/manager.yaml @@ -52,4 +52,5 @@ spec: requests: cpu: 100m memory: 20Mi + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/testdata/project-v3-addon/config/rbac/auth_proxy_role_binding.yaml b/testdata/project-v3-addon/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4b85c..ec7acc0a1b7 100644 --- a/testdata/project-v3-addon/config/rbac/auth_proxy_role_binding.yaml +++ b/testdata/project-v3-addon/config/rbac/auth_proxy_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-addon/config/rbac/kustomization.yaml b/testdata/project-v3-addon/config/rbac/kustomization.yaml index 66c28338fe0..2302180cdbc 100644 --- a/testdata/project-v3-addon/config/rbac/kustomization.yaml +++ b/testdata/project-v3-addon/config/rbac/kustomization.yaml @@ -1,4 +1,10 @@ resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# targets if changing service account names. +- service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml diff --git a/testdata/project-v3-addon/config/rbac/leader_election_role_binding.yaml b/testdata/project-v3-addon/config/rbac/leader_election_role_binding.yaml index eed16906f4d..1d1321ed4f0 100644 --- a/testdata/project-v3-addon/config/rbac/leader_election_role_binding.yaml +++ b/testdata/project-v3-addon/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-addon/config/rbac/role_binding.yaml b/testdata/project-v3-addon/config/rbac/role_binding.yaml index 8f2658702c8..2070ede4462 100644 --- a/testdata/project-v3-addon/config/rbac/role_binding.yaml +++ b/testdata/project-v3-addon/config/rbac/role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-addon/config/rbac/service_account.yaml b/testdata/project-v3-addon/config/rbac/service_account.yaml new file mode 100644 index 00000000000..7cd6025bfc4 --- /dev/null +++ b/testdata/project-v3-addon/config/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system diff --git a/testdata/project-v3-config/config/manager/manager.yaml b/testdata/project-v3-config/config/manager/manager.yaml index 082357842b1..3bb0ff3aabc 100644 --- a/testdata/project-v3-config/config/manager/manager.yaml +++ b/testdata/project-v3-config/config/manager/manager.yaml @@ -50,4 +50,5 @@ spec: requests: cpu: 100m memory: 20Mi + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/testdata/project-v3-config/config/rbac/auth_proxy_role_binding.yaml b/testdata/project-v3-config/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4b85c..ec7acc0a1b7 100644 --- a/testdata/project-v3-config/config/rbac/auth_proxy_role_binding.yaml +++ b/testdata/project-v3-config/config/rbac/auth_proxy_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-config/config/rbac/kustomization.yaml b/testdata/project-v3-config/config/rbac/kustomization.yaml index 66c28338fe0..2302180cdbc 100644 --- a/testdata/project-v3-config/config/rbac/kustomization.yaml +++ b/testdata/project-v3-config/config/rbac/kustomization.yaml @@ -1,4 +1,10 @@ resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# targets if changing service account names. +- service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml diff --git a/testdata/project-v3-config/config/rbac/leader_election_role_binding.yaml b/testdata/project-v3-config/config/rbac/leader_election_role_binding.yaml index eed16906f4d..1d1321ed4f0 100644 --- a/testdata/project-v3-config/config/rbac/leader_election_role_binding.yaml +++ b/testdata/project-v3-config/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-config/config/rbac/role_binding.yaml b/testdata/project-v3-config/config/rbac/role_binding.yaml index 8f2658702c8..2070ede4462 100644 --- a/testdata/project-v3-config/config/rbac/role_binding.yaml +++ b/testdata/project-v3-config/config/rbac/role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-config/config/rbac/service_account.yaml b/testdata/project-v3-config/config/rbac/service_account.yaml new file mode 100644 index 00000000000..7cd6025bfc4 --- /dev/null +++ b/testdata/project-v3-config/config/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system diff --git a/testdata/project-v3-multigroup/config/manager/manager.yaml b/testdata/project-v3-multigroup/config/manager/manager.yaml index 46a82393bfd..79adfe72a55 100644 --- a/testdata/project-v3-multigroup/config/manager/manager.yaml +++ b/testdata/project-v3-multigroup/config/manager/manager.yaml @@ -52,4 +52,5 @@ spec: requests: cpu: 100m memory: 20Mi + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/testdata/project-v3-multigroup/config/rbac/auth_proxy_role_binding.yaml b/testdata/project-v3-multigroup/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4b85c..ec7acc0a1b7 100644 --- a/testdata/project-v3-multigroup/config/rbac/auth_proxy_role_binding.yaml +++ b/testdata/project-v3-multigroup/config/rbac/auth_proxy_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-multigroup/config/rbac/kustomization.yaml b/testdata/project-v3-multigroup/config/rbac/kustomization.yaml index 66c28338fe0..2302180cdbc 100644 --- a/testdata/project-v3-multigroup/config/rbac/kustomization.yaml +++ b/testdata/project-v3-multigroup/config/rbac/kustomization.yaml @@ -1,4 +1,10 @@ resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# targets if changing service account names. +- service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml diff --git a/testdata/project-v3-multigroup/config/rbac/leader_election_role_binding.yaml b/testdata/project-v3-multigroup/config/rbac/leader_election_role_binding.yaml index eed16906f4d..1d1321ed4f0 100644 --- a/testdata/project-v3-multigroup/config/rbac/leader_election_role_binding.yaml +++ b/testdata/project-v3-multigroup/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-multigroup/config/rbac/role_binding.yaml b/testdata/project-v3-multigroup/config/rbac/role_binding.yaml index 8f2658702c8..2070ede4462 100644 --- a/testdata/project-v3-multigroup/config/rbac/role_binding.yaml +++ b/testdata/project-v3-multigroup/config/rbac/role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3-multigroup/config/rbac/service_account.yaml b/testdata/project-v3-multigroup/config/rbac/service_account.yaml new file mode 100644 index 00000000000..7cd6025bfc4 --- /dev/null +++ b/testdata/project-v3-multigroup/config/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system diff --git a/testdata/project-v3/config/manager/manager.yaml b/testdata/project-v3/config/manager/manager.yaml index 46a82393bfd..79adfe72a55 100644 --- a/testdata/project-v3/config/manager/manager.yaml +++ b/testdata/project-v3/config/manager/manager.yaml @@ -52,4 +52,5 @@ spec: requests: cpu: 100m memory: 20Mi + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/testdata/project-v3/config/rbac/auth_proxy_role_binding.yaml b/testdata/project-v3/config/rbac/auth_proxy_role_binding.yaml index 48ed1e4b85c..ec7acc0a1b7 100644 --- a/testdata/project-v3/config/rbac/auth_proxy_role_binding.yaml +++ b/testdata/project-v3/config/rbac/auth_proxy_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3/config/rbac/kustomization.yaml b/testdata/project-v3/config/rbac/kustomization.yaml index 66c28338fe0..2302180cdbc 100644 --- a/testdata/project-v3/config/rbac/kustomization.yaml +++ b/testdata/project-v3/config/rbac/kustomization.yaml @@ -1,4 +1,10 @@ resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# targets if changing service account names. +- service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml diff --git a/testdata/project-v3/config/rbac/leader_election_role_binding.yaml b/testdata/project-v3/config/rbac/leader_election_role_binding.yaml index eed16906f4d..1d1321ed4f0 100644 --- a/testdata/project-v3/config/rbac/leader_election_role_binding.yaml +++ b/testdata/project-v3/config/rbac/leader_election_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3/config/rbac/role_binding.yaml b/testdata/project-v3/config/rbac/role_binding.yaml index 8f2658702c8..2070ede4462 100644 --- a/testdata/project-v3/config/rbac/role_binding.yaml +++ b/testdata/project-v3/config/rbac/role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/testdata/project-v3/config/rbac/service_account.yaml b/testdata/project-v3/config/rbac/service_account.yaml new file mode 100644 index 00000000000..7cd6025bfc4 --- /dev/null +++ b/testdata/project-v3/config/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system