fix deploy rbac service-account to not have hardcoded namespace

jmccormick2001 · jmccormick2001 · commit b09b32c79da6 · 2018-04-05T10:06:41.000-05:00
diff --git a/deploy/deploy.sh b/deploy/deploy.sh
@@ -21,9 +21,9 @@ if [ "$CO_CMD" = "kubectl" ]; then
 	NS="--namespace=$CO_NAMESPACE"
 fi
 
-$CO_CMD create -f $DIR/service-account.yaml
+expenv -f $DIR/service-account.yaml | $CO_CMD create -f -
 #$CO_CMD create -f $DIR/cluster-role-binding.yaml
-$CO_CMD create -f $DIR/rbac.yaml
+expenv -f $DIR/rbac.yaml | $CO_CMD create -f -
 
 $CO_CMD create secret generic apiserver-conf-secret \
         --from-file=server.crt=$COROOT/conf/apiserver/server.crt \
diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml
@@ -38,15 +38,15 @@ roleRef:
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: User
-  name: system:serviceaccount:demo:postgres-operator
+  name: system:serviceaccount:$CO_NAMESPACE:postgres-operator
 
 ---
 
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: nspostgresrole
-  namespace: demo
+  namespace: $CO_NAMESPACE
 rules:
   - verbs:
       - '*'
@@ -61,14 +61,14 @@ apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: RoleBinding
 metadata:
   name: nspgrolebind
-  namespace: demo
+  namespace: $CO_NAMESPACE
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: nspostgresrole
 subjects:
 - kind: ServiceAccount
   name: postgres-operator
-  namespace: demo
+  namespace: $CO_NAMESPACE
 
 ---
diff --git a/deploy/service-account.yaml b/deploy/service-account.yaml
@@ -2,4 +2,4 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: postgres-operator
-  namespace: demo
+  namespace: $CO_NAMESPACE
