Move bus deployments to knative-eventing

Buses can create dispatcher and provision deployments. Previously, these deployments were created in the same namespace as the Bus resource, which required RBAC rules to be configured to enable the deployments to read and update Bus, Channel and Subscription resources. By moving these deployments into the knative-eventing system namespace, we can use a pre-determined service account and RBAC configuration. Since the bus-controller no longer needs to create service accounts and role bindings, the controller can run with reduced privillage (follow knative#207 for that change). Fixes knative#349
scothis · Aug 15, 2018 · 3b8edf0 · 3b8edf0
1 parent f8e9563
commit 3b8edf0
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 211 deletions.
diff --git a/config/200-serviceaccount.yaml b/config/200-serviceaccount.yaml
@@ -21,5 +21,5 @@ metadata:
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: clusterbus-controller
+  name: bus-operator
   namespace: knative-eventing
diff --git a/config/201-clusterrolebinding.yaml b/config/201-clusterrolebinding.yaml
@@ -28,10 +28,10 @@ roleRef:
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: ClusterRoleBinding
 metadata:
-  name: clusterbus-controller-manage
+  name: bus-operator-manage
 subjects:
   - kind: ServiceAccount
-    name: clusterbus-controller
+    name: bus-operator
     namespace: knative-eventing
 roleRef:
   kind: ClusterRole