Skip to content

Commit

Permalink
Clarify when a separate account for database pods may be needed
Browse files Browse the repository at this point in the history
  • Loading branch information
Sergey Dudoladov committed Feb 15, 2018
1 parent 5e9a214 commit 0a9e6bd
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ Watching a namespace for an operator means tracking requests to change Postgresq

By default, the operator watches the namespace it is deployed to. You can change this by altering the `WATCHED_NAMESPACE` env var in the operator deployment manifest or the `watched_namespace` field in the operator configmap. In the case both are set, the env var takes the precedence.

Note that for an operator to manage pods in the watched namespace, the operator's service account (as specified in the operator deployment manifest) has to have appropriate privileges to access the watched namespace. The watched namespace also needs to have a (possibly different) service account that allows database pods to talk to the Kubernetes API.
Note that for an operator to manage pods in the watched namespace, the operator's service account (as specified in the operator deployment manifest) has to have appropriate privileges to access the watched namespace. The watched namespace also needs to have a (possibly different) service account in the case database pods need to talk to the Kubernetes API (e.g. when using Kubernetes-native configuration of Patroni).

### Create ConfigMap

Expand Down

0 comments on commit 0a9e6bd

Please sign in to comment.