Skip to content
Permalink
Browse files

Use service account in pod specs

It turns out that we did not notice that microk8s doesn't enforce RBAC.
Because of that, the default service account used by shipper before this
commit had access to everything.

When running e2e tests against kind instead of microk8s, we learned that
our deployments did not specify the correct service account created by
shipperctl, so all API calls failed due to missing authorization. Adding
the service account to the deployments solves it.
  • Loading branch information...
juliogreff committed Aug 29, 2019
1 parent be2cb1b commit 46d74feb7a215526ad4b98218745b8ffca076679
Showing with 2 additions and 0 deletions.
  1. +1 −0 kubernetes/shipper-state-metrics.deployment.yaml
  2. +1 −0 kubernetes/shipper.deployment.yaml
@@ -20,3 +20,4 @@ spec:
imagePullPolicy: Always
ports:
- containerPort: 8890
serviceAccountName: shipper-management-cluster
@@ -33,6 +33,7 @@ spec:
- mountPath: /etc/webhook/certs
name: webhook-certs
readOnly: true
serviceAccountName: shipper-management-cluster
volumes:
- name: webhook-certs
secret:

0 comments on commit 46d74fe

Please sign in to comment.
You can’t perform that action at this time.