MCPcopy Index your code
hub / github.com/zalando/postgres-operator / submitRBACCredentials

Method submitRBACCredentials

pkg/controller/postgresql.go:580–592  ·  view source on GitHub ↗

* Ensures the pod service account and role bindings exists in a namespace before a PG cluster is created there so that a user does not have to deploy these credentials manually. StatefulSets require the service account to create pods; Patroni requires relevant RBAC bindings to access endpoints or c

(event ClusterEvent)

Source from the content-addressed store, hash-verified

578The operator does not sync accounts/role bindings after creation.
579*/
580func (c *Controller) submitRBACCredentials(event ClusterEvent) error {
581
582 namespace := event.NewSpec.GetNamespace()
583
584 if err := c.createPodServiceAccount(namespace); err != nil {
585 return fmt.Errorf("could not create pod service account %q : %v", c.opConfig.PodServiceAccountName, err)
586 }
587
588 if err := c.createRoleBindings(namespace); err != nil {
589 return fmt.Errorf("could not create role binding %q : %v", c.PodServiceAccountRoleBinding.Name, err)
590 }
591 return nil
592}
593
594func (c *Controller) createPodServiceAccount(namespace string) error {
595

Callers 1

processEventMethod · 0.95

Calls 2

createRoleBindingsMethod · 0.95

Tested by

no test coverage detected