ansible: Add service account for host-provisioner
The _k8s-worker_ Ansible role in the configuration policy now uses the Kubernetes API to create bootstrap tokens for adding worker nodes to the cluster. For this to work, the pod running the host-provisioner must be associated with a service account that has the correct permissions to create secrets and access the `cluster-info` ConfigMap.
@@ -90,11 +90,15 @@ spec:
|
||||
- mountPath: /tmp
|
||||
name: tmp
|
||||
subPath: tmp
|
||||
- mountPath: /var/tmp
|
||||
name: tmp
|
||||
subPath: tmp
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
serviceAccountName: host-provisioner
|
||||
volumes:
|
||||
- name: dch-root-ca
|
||||
configMap:
|
||||
|
||||
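Review bot: `serviceAccountName: host-provisioner` in the pod spec names an account whose ServiceAccount, Role and RoleBinding are not visible in this hunk, so the grant the commit message describes (create secrets, access the `cluster-info` ConfigMap) cannot be checked from here. Please confirm it is bound through namespaced Roles rather than a ClusterRole: bootstrap tokens are Secrets in `kube-system` and `cluster-info` lives in `kube-public`, so `create` on `secrets` in `kube-system` plus `get` on `configmaps` limited with `resourceNames: ["cluster-info"]` in `kube-public` is likely all the role needs. Because `create` cannot be narrowed with `resourceNames`, leaving `get`, `list` and `watch` on secrets out of the Role is what keeps this account from reading other credentials in that namespace. A short comment next to this line pointing at the RBAC manifest would make the dependency easier to audit.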