From 5e899a81cc4f0c84cfedb6bd2dd46703dad1f0dd Mon Sep 17 00:00:00 2001 From: Priya Wadhwa Date: Mon, 3 Aug 2020 15:23:45 -0400 Subject: [PATCH] Make sure cluster roles are applied to the service account the storage provisioner runs under --- .../storage-provisioner/storage-provisioner.yaml.tmpl | 8 +++++--- test/integration/testdata/pvc.yaml | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/deploy/addons/storage-provisioner/storage-provisioner.yaml.tmpl b/deploy/addons/storage-provisioner/storage-provisioner.yaml.tmpl index 1c1181f6f5..60be98e409 100644 --- a/deploy/addons/storage-provisioner/storage-provisioner.yaml.tmpl +++ b/deploy/addons/storage-provisioner/storage-provisioner.yaml.tmpl @@ -40,7 +40,7 @@ subjects: apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: system::leader-locking-storage-provisioner + name: system:persistent-volume-provisioner namespace: kube-system labels: addonmanager.kubernetes.io/mode: EnsureExists @@ -51,6 +51,7 @@ rules: - endpoints verbs: - watch + - create - apiGroups: - "" resourceNames: @@ -60,18 +61,19 @@ rules: verbs: - get - update + - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: leader-locking-storage-provisioner + name: system:persistent-volume-provisioner namespace: kube-system labels: addonmanager.kubernetes.io/mode: EnsureExists roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: system::leader-locking-storage-provisioner + name: system:persistent-volume-provisioner subjects: - kind: ServiceAccount name: storage-provisioner diff --git a/test/integration/testdata/pvc.yaml b/test/integration/testdata/pvc.yaml index 93f487d03d..2c0e103fa4 100644 --- a/test/integration/testdata/pvc.yaml +++ b/test/integration/testdata/pvc.yaml @@ -7,4 +7,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 2Gi \ No newline at end of file + storage: 500Mi \ No newline at end of file