event-processor: configure service account and cluster role binding so it can create pods in any namespace
diff --git a/events/install.yaml b/events/install.yaml
index 3b0738a..641e119 100644
--- a/events/install.yaml
+++ b/events/install.yaml
@@ -4,6 +4,34 @@
metadata:
name: pcloud-events
---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: event-processor
+ namespace: pcloud-events
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: modify-pods
+rules:
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["create", "get", "watch", "list", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: modify-pods-to-sa
+subjects:
+ - kind: ServiceAccount
+ name: event-processor
+ namespace: pcloud-events
+roleRef:
+ kind: ClusterRole
+ name: modify-pods
+ apiGroup: rbac.authorization.k8s.io
+---
apiVersion: apps/v1
kind: Deployment
metadata:
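Review bot: The `modify-pods` ClusterRole, bound through `modify-pods-to-sa`, gives the event-processor service account `create` and `delete` on pods in every namespace, system namespaces included. Pod creation is effectively a privilege-escalation primitive, because a created pod can run under any service account in its namespace. If the processor only launches pods in a known set of namespaces, a namespaced `Role` plus `RoleBinding` per target namespace would bound the blast radius. If cluster-wide access really is required, state that above the ClusterRole, e.g. `# cluster-wide on purpose: event-processor creates pods in arbitrary namespaces`, and restrict what those pods may request with an admission policy such as Pod Security admission. The `delete` verb is also worth dropping or scoping unless the processor must remove pods it did not create.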
@@ -19,6 +47,7 @@
labels:
app: event-processor
spec:
+ serviceAccountName: event-processor
containers:
- name: minio-importer
image: giolekva/pcloud-event-processor:latest
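Review bot: With `serviceAccountName: event-processor` set, whatever `giolekva/pcloud-event-processor:latest` resolves to at pull time runs with the cluster-wide pod permissions bound by this commit's ClusterRoleBinding, so the mutable `latest` tag on the container below becomes a supply-chain concern. Pinning the image to a fixed version tag or a digest (`image: giolekva/pcloud-event-processor@sha256:<digest>`) would make the privileged workload reproducible and auditable. The container spec continues outside the hunk.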
diff --git a/events/processor.go b/events/processor.go
index 89db4d5..504e261 100644
--- a/events/processor.go
+++ b/events/processor.go
@@ -50,7 +50,7 @@
glog.Info("Creating pod...")
resp, err := p.pods.Create(context.TODO(), pod, metav1.CreateOptions{})
if err != nil {
- glog.Error(resp)
+ glog.Error(err)
continue
}
glog.Infof("Pod created: %s", resp)
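Review bot: `glog.Error(err)` records the failure without saying which pod or namespace was being created. That matters now that the processor can create pods cluster-wide, since an RBAC Forbidden or an admission rejection needs to be traceable to a target. Consider `glog.Errorf("creating pod %s/%s: %v", pod.Namespace, pod.Name, err)`, assuming `pod` already carries its name and namespace at this point. The surrounding loop starts and ends outside the hunk.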