Always create service account even rbac_enabled = false

2026-03-06 18:17:47 +03:00 · 2018-08-22 11:41:29 +08:00
parent 7398858572
commit c3b3572025
34 changed files with 3 additions and 78 deletions
--- a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
+++ b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml
@@ -7,7 +7,6 @@
    - "efk-sa.yml"
    - "efk-clusterrolebinding.yml"
  run_once: true
-  when: rbac_enabled

 - name: "ElasticSearch | Create Serviceaccount and Clusterrolebinding (RBAC)"
  command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }} -n kube-system"
@@ -15,7 +14,6 @@
    - "efk-sa.yml"
    - "efk-clusterrolebinding.yml"
  run_once: true
-  when: rbac_enabled

 - name: "ElasticSearch | Write ES deployment"
  template:
--- a/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2
+++ b/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2
@@ -52,9 +52,7 @@ spec:
      volumes:
      - name: es-persistent-storage
        emptyDir: {}
-{% if rbac_enabled %}
      serviceAccountName: efk 
-{% endif %}
      initContainers:
      - image: alpine:3.6
        command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"]
--- a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2
+++ b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2
@@ -28,9 +28,7 @@ spec:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      priorityClassName: system-node-critical
-{% if rbac_enabled %}
      serviceAccountName: efk
-{% endif %}
      containers:
      - name: fluentd-es
        image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}"
--- a/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2
+++ b/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2
@@ -46,7 +46,4 @@ spec:
        - containerPort: 5601
          name: ui
          protocol: TCP
-{% if rbac_enabled %}
      serviceAccountName: efk 
-{% endif %}
-