diff --git a/kustomize/base/kustomization.yaml b/kustomize/base/kustomization.yaml
index 8a2c2c53b..c6af77e5d 100644
--- a/kustomize/base/kustomization.yaml
+++ b/kustomize/base/kustomization.yaml
@@ -4,8 +4,7 @@ kind: Kustomization
 commonLabels:
 app: quay
 resources:
- - ./quay.role.yaml
- - ./quay.rolebinding.yaml
+ - ./quay.serviceaccount.yaml
 - ./quay.deployment.yaml
 - ./quay.service.yaml
 - ./upgrade.deployment.yaml
diff --git a/kustomize/base/quay.deployment.yaml b/kustomize/base/quay.deployment.yaml
index 3709863d3..55f035997 100644
--- a/kustomize/base/quay.deployment.yaml
+++ b/kustomize/base/quay.deployment.yaml
@@ -14,6 +14,7 @@ spec:
 labels:
 quay-component: quay-app
 spec:
+ serviceAccountName: quay-app
 volumes:
 - name: configvolume
 secret:
diff --git a/kustomize/base/quay.role.yaml b/kustomize/base/quay.role.yaml
deleted file mode 100644
index ef0bd6614..000000000
--- a/kustomize/base/quay.role.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
- name: quay-serviceaccount
-rules:
- - apiGroups:
- - ""
- resources:
- - secrets
- verbs:
- - get
- - put
- - patch
- - update
- - apiGroups:
- - ""
- resources:
- - namespaces
- verbs:
- - get
- - apiGroups:
- - extensions
- - apps
- resources:
- - deployments
- verbs:
- - get
- - list
- - patch
- - update
- - watch
diff --git a/kustomize/base/quay.rolebinding.yaml b/kustomize/base/quay.rolebinding.yaml
deleted file mode 100644
index 6c51d2be3..000000000
--- a/kustomize/base/quay.rolebinding.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
- name: quay-secret-writer
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: quay-serviceaccount
-subjects:
-- kind: ServiceAccount
- name: default
diff --git a/kustomize/base/quay.serviceaccount.yaml b/kustomize/base/quay.serviceaccount.yaml
new file mode 100644
index 000000000..b48278931
--- /dev/null
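Review bot: Dropping `./quay.role.yaml` and `./quay.rolebinding.yaml` from `resources` in kustomize/base/kustomization.yaml only stops new renders from creating them; nothing in this diff deletes the `quay-serviceaccount` Role and `quay-secret-writer` RoleBinding that upgraded namespaces already contain. That binding's subject is the `default` ServiceAccount, so if the objects survive an upgrade, every pod running as `default` in the namespace keeps get/put/patch/update on secrets and patch/update on deployments. Whether the operator prunes objects that disappear from the base is not visible here; if it does not, an explicit cleanup step is needed. A comment above the list such as `# Role quay-serviceaccount and RoleBinding quay-secret-writer were removed; existing installs must delete them` would record the requirement.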
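Review bot: Only the pod spec in kustomize/base/quay.deployment.yaml gains `serviceAccountName: quay-app`; `./upgrade.deployment.yaml`, still listed in the base, is untouched by this diff and so presumably keeps running as the namespace `default` account. If that workload relied on the permissions of the removed Role it will now be denied, and if it did not, it still shares an identity with anything else in the namespace. Consider adding the same `serviceAccountName: quay-app` line (or a dedicated account) to its pod spec so that no Quay workload depends on `default`. The pod spec continues outside this hunk, so other fields that interact with the account are not visible.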
+++ b/kustomize/base/quay.serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: quay-app
diff --git a/pkg/kustomize/kustomize_test.go b/pkg/kustomize/kustomize_test.go
index 87e31368a..100aa4531 100644
--- a/pkg/kustomize/kustomize_test.go
+++ b/pkg/kustomize/kustomize_test.go
@@ -11,7 +11,6 @@ import (
 appsv1 "k8s.io/api/apps/v1"
 batchv1 "k8s.io/api/batch/v1"
 corev1 "k8s.io/api/core/v1"
- rbac "k8s.io/api/rbac/v1beta1"
 "k8s.io/apimachinery/pkg/api/meta"
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "sigs.k8s.io/controller-runtime/pkg/client"
@@ -205,8 +204,6 @@ func TestFlattenSecret(t *testing.T) {
 var quayComponents = map[string][]client.Object{
 "base": {
- &rbac.Role{ObjectMeta: metav1.ObjectMeta{Name: "quay-serviceaccount"}},
- &rbac.RoleBinding{ObjectMeta: metav1.ObjectMeta{Name: "quay-secret-writer"}},
 &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "quay-app"}},
 &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "quay-app-upgrade"}},
 &appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "quay-config-editor"}},
@@ -216,6 +213,7 @@ var quayComponents = map[string][]client.Object{
 &corev1.ConfigMap{ObjectMeta: metav1.ObjectMeta{Name: "cluster-service-ca"}},
 &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "quay-config-editor-credentials"}},
 &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "quay-registry-managed-secret-keys"}},
+ &corev1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: "quay-app"}},
 },
 "clair": {
 &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "clair-config-secret"}},
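Review bot: The new `quay-app` ServiceAccount in kustomize/base/quay.serviceaccount.yaml has no Role bound to it anywhere in this diff, yet its token will still be mounted into every pod that names it. If the registry container makes no Kubernetes API calls (not determinable from these lines), add `automountServiceAccountToken: false` to the ServiceAccount so that a compromised container holds no API credential at all. If it does need API access, the narrow Role it requires should be added next to this file rather than left implicit.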
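Review bot: Nothing in the visible `quayComponents` expectation in pkg/kustomize/kustomize_test.go ties the new `&corev1.ServiceAccount{... Name: "quay-app"}` entry to the Deployment that is supposed to run under it. The list only pins object kinds and names, so a render in which the `quay-app` Deployment lost its `serviceAccountName` and fell back to `default` would still match it. The test that consumes this map is outside the hunk; if it does not already check the pod spec, an assertion such as `deployment.Spec.Template.Spec.ServiceAccountName == "quay-app"` would lock in the behaviour this commit is after. A short comment on the entry, e.g. `// dedicated identity for quay-app; replaces the Role bound to "default"`, would also explain why the RBAC entries above it were dropped.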