event-processor: configure service account and cluster role binding so it can create pods in any namespace

commit: c17b19c95982daf35486b5b830d11c47d30f32ab [log] [tgz]
author: giolekva <giolekva@gmail.com> Wed May 06 15:33:49 2020 +0400
committer: giolekva <giolekva@gmail.com> Wed May 06 15:33:49 2020 +0400
tree: a58d49aa2203e847dcd3144115913b011e87e085
parent: ede6d2ba17e6281975f1e78eb6c82170df2707f0 [diff] [blame]
diff --git a/events/install.yaml b/events/install.yaml
index 3b0738a..641e119 100644
--- a/events/install.yaml
+++ b/events/install.yaml

@@ -4,6 +4,34 @@
 metadata:
   name: pcloud-events
 ---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: event-processor
+  namespace: pcloud-events
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: modify-pods
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["create", "get", "watch", "list", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: modify-pods-to-sa
+subjects:
+  - kind: ServiceAccount
+    name: event-processor
+    namespace: pcloud-events
+roleRef:
+  kind: ClusterRole
+  name: modify-pods
+  apiGroup: rbac.authorization.k8s.io
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -19,6 +47,7 @@
       labels:
         app: event-processor
     spec:
+      serviceAccountName: event-processor
       containers:
       - name: minio-importer
         image: giolekva/pcloud-event-processor:latest
commit	c17b19c95982daf35486b5b830d11c47d30f32ab	[log] [tgz]
author	giolekva <giolekva@gmail.com>	Wed May 06 15:33:49 2020 +0400
committer	giolekva <giolekva@gmail.com>	Wed May 06 15:33:49 2020 +0400
tree	a58d49aa2203e847dcd3144115913b011e87e085
parent	ede6d2ba17e6281975f1e78eb6c82170df2707f0 [diff] [blame]