Add RBAC support for canal (#1604)

Refactored how rbac_enabled is set Added RBAC to ubuntu-canal-ha CI job Added rbac for calico policy controller
2026-03-09 11:47:47 +03:00 · 2017-09-04 11:29:40 +03:00
parent 702ce446df
commit a3e6896a43
18 changed files with 274 additions and 46 deletions
--- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2
+++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-policy-controller.yml.j2
@@ -15,15 +15,18 @@ spec:
  template:
    metadata:
      name: calico-policy-controller
-      namespace: {{system_namespace}}
+      namespace: {{ system_namespace }}
      labels:
        kubernetes.io/cluster-service: "true"
        k8s-app: calico-policy
    spec:
      hostNetwork: true
+{% if rbac_enabled %}
+      serviceAccountName: calico-policy-controller
+{% endif %}
      tolerations:
-       - effect: NoSchedule
-         operator: Exists
+        - effect: NoSchedule
+          operator: Exists
      containers:
        - name: calico-policy-controller
          image: {{ calico_policy_image_repo }}:{{ calico_policy_image_tag }}