Merge "Use ServiceAccount for netcheker server."

commit: 5ca033f73e32be02cbd4423648d69aa719c6d628 [log] [tgz]
author: mcp-jenkins <mcp-jenkins@mirantis.com> Wed Mar 07 17:41:51 2018 +0000
committer: Gerrit Code Review <gerrit2@56fc70e46927> Wed Mar 07 17:41:51 2018 +0000
tree: 4918ac5ebaebcd7c796de7b4a466447f9e748633
parent: c72e168c9af0f73c41bb57ee6a974be416dffd54 [diff]
parent: 10ed90818f7b5d2c2b7b10e17adb5d719b7187f0 [diff]
diff --git a/kubernetes/files/kube-addons/netchecker/netchecker-roles.yml b/kubernetes/files/kube-addons/netchecker/netchecker-roles.yml
index a22da2c..21aed28 100644
--- a/kubernetes/files/kube-addons/netchecker/netchecker-roles.yml
+++ b/kubernetes/files/kube-addons/netchecker/netchecker-roles.yml

@@ -2,9 +2,9 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRole
 metadata:
-  name: netchecker-server
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
+  name: netchecker-server
 rules:
   - apiGroups:
       - apiextensions.k8s.io
@@ -37,14 +37,14 @@
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
-  name: netchecker
   labels:
     addonmanager.kubernetes.io/mode: Reconcile
+  name: netchecker
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: netchecker-server
 subjects:
-  - apiGroup: rbac.authorization.k8s.io
-    kind: Group
-    name: "system:serviceaccounts"
+  - kind: ServiceAccount
+    name: netchecker
+    namespace: netchecker

diff --git a/kubernetes/files/kube-addons/netchecker/netchecker-server.yml b/kubernetes/files/kube-addons/netchecker/netchecker-server.yml
index fd3e46c..7106d1a 100644
--- a/kubernetes/files/kube-addons/netchecker/netchecker-server.yml
+++ b/kubernetes/files/kube-addons/netchecker/netchecker-server.yml

@@ -22,6 +22,7 @@
         cni: {{ common.addons.netchecker.cni }}
 {%- endif %}
     spec:
+      serviceAccountName: netchecker
       tolerations:
         - key: node-role.kubernetes.io/master
           effect: NoSchedule

diff --git a/kubernetes/files/kube-addons/netchecker/netchecker-serviceaccount.yml b/kubernetes/files/kube-addons/netchecker/netchecker-serviceaccount.yml
new file mode 100644
index 0000000..028a9ba
--- /dev/null
+++ b/kubernetes/files/kube-addons/netchecker/netchecker-serviceaccount.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    addonmanager.kubernetes.io/mode: Reconcile
+  name: netchecker
+  namespace: netchecker

diff --git a/kubernetes/master/kube-addons.sls b/kubernetes/master/kube-addons.sls
index 609c209..2bd2b90 100644
--- a/kubernetes/master/kube-addons.sls
+++ b/kubernetes/master/kube-addons.sls

@@ -132,7 +132,7 @@
 
 {%- if common.addons.get('netchecker', {'enabled': False}).enabled %}
 
-{%- set netchecker_resources = ['svc', 'server', 'agent'] %}
+{%- set netchecker_resources = ['svc', 'server', 'agent', 'serviceaccount'] %}
 
 {%- if 'RBAC' in master.auth.get('mode', "") %}
commit	5ca033f73e32be02cbd4423648d69aa719c6d628	[log] [tgz]
author	mcp-jenkins <mcp-jenkins@mirantis.com>	Wed Mar 07 17:41:51 2018 +0000
committer	Gerrit Code Review <gerrit2@56fc70e46927>	Wed Mar 07 17:41:51 2018 +0000
tree	4918ac5ebaebcd7c796de7b4a466447f9e748633
parent	c72e168c9af0f73c41bb57ee6a974be416dffd54 [diff]
parent	10ed90818f7b5d2c2b7b10e17adb5d719b7187f0 [diff]