Make operator unaware of its own service account

c31c7628 · Sergey Dudoladov · a88416e6 · c31c7628 · c31c7628 · c31c7628
Commit c31c7628 authored Apr 23, 2018 by Sergey Dudoladov
--- a/manifests/configmap.yaml
+++ b/manifests/configmap.yaml
@@ -7,7 +7,6 @@ data:
  # if neither is set or evaluates to the empty string, listen to the operator's own namespace
  # if set to the "*", listen to all namespaces
  # watched_namespace: development
-  service_account_name: operator
  cluster_labels: application:spilo
  cluster_name_label: version
  pod_role_label: spilo-role

--- a/pkg/cluster/k8sres.go
+++ b/pkg/cluster/k8sres.go
@@ -435,7 +435,7 @@ func (c *Cluster) generatePodTemplate(
 	terminateGracePeriodSeconds := int64(c.OpConfig.PodTerminateGracePeriod.Seconds())
 	podSpec := v1.PodSpec{
-		ServiceAccountName:            c.OpConfig.ServiceAccountName,
+		ServiceAccountName:            c.OpConfig.PodServiceAccountName,
 		TerminationGracePeriodSeconds: &terminateGracePeriodSeconds,
 		Containers:                    []v1.Container{container},
 		Tolerations:                   c.tolerations(tolerationsSpec),

--- a/pkg/util/config/config.go
+++ b/pkg/util/config/config.go
@@ -73,7 +73,6 @@ type Config struct {
 	EtcdHost          string            `name:"etcd_host" default:"etcd-client.default.svc.cluster.local:2379"`
 	DockerImage       string            `name:"docker_image" default:"registry.opensource.zalan.do/acid/spiloprivate-9.6:1.2-p4"`
 	// re-use one account for both Spilo pods and the operator; this grants extra privileges to pods
-	ServiceAccountName          string `name:"service_account_name" default:"operator"`
 	PodServiceAccountName       string `name:"pod_service_account_name" default:"operator"`
 	PodServiceAccountDefinition string `name:"pod_service_account_definition" default:"apiVersion: v1\nkind: ServiceAccount\nmetadata:\n  name: operator\n"`
 	DbHostedZone                string `name:"db_hosted_zone" default:"db.example.com"`