Always create service account even rbac_enabled = false

roles/network_plugin/cilium/defaults/main.yml

@@ -18,8 +18,3 @@ cilium_cpu_requests: 100m
 
 # Optional features
 cilium_enable_prometheus: false
-
-rbac_resources:
-  - sa
-  - clusterrole
-  - clusterrolebinding

roles/network_plugin/cilium/tasks/main.yml

@@ -38,7 +38,6 @@
   register: cilium_node_manifests
   when:
     - inventory_hostname in groups['kube-master']
-    - rbac_enabled or item.type not in rbac_resources
 
 - name: Cilium | Set CNI directory permissions
   file:

roles/network_plugin/cilium/templates/cilium-ds.yml.j2

@@ -34,9 +34,7 @@ spec:
         prometheus.io/port: "9090"
 {% endif %}
     spec:
-{% if rbac_enabled %}
       serviceAccountName: cilium
-{% endif %}
       initContainers:
         - name: clean-cilium-state
           image: docker.io/library/busybox:1.28.4