🐛 feat(rbac): use real ServiceAccount instead of default

[cwrau]

Closes #518

[k8s-ci-robot]

Welcome @cwrau!

It looks like this is your first PR to kubernetes-sigs/cluster-api-operator 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/cluster-api-operator has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @cwrau. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[netlify]

✅ Deploy Preview for kubernetes-sigs-cluster-api-operator ready!

Name	Link
🔨 Latest commit	a4db00b
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-cluster-api-operator/deploys/6643195988c0dd00082858fc
😎 Deploy Preview	https://deploy-preview-519--kubernetes-sigs-cluster-api-operator.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[cwrau]

I don't know how I would make the serviceAccountName in the deployment.yaml "generated" like the name in the service_account.yaml, so I just hardcoded it to the value that got generated?

[Fedosin]

/ok-to-test

[cwrau]

Heyho, is there something I can do to help this get merged? 😊

[alexander-demicev]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alexander-demicev

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [alexander-demicev]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[furkatgofurov7]

Q: is this set to false and best practice, when the default SA is used?

[cwrau]

If I understand the question correctly, yes, it's best-practice to set this to false when not using a custom serviceAccount to prevent the accidental usage of the default serviceAccount

In general it's best-practice to not use the default serviceAccount anyways

[furkatgofurov7]

/lgtm

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: f5f14b2b0c0f7450c4f4b41b5755d685ac50892c

[cwrau]

Heyho, is there a timeline when this will be released?

[furkatgofurov7]

@cwrau since this is breaking change and can't be released with patch release (and in fact it was not backported). I just checked the changelog since last minor v0.11 release and it is quite small for cutting a minor release. How urgent this change for you, can we give some more time for new minor release before cutting it?

cc @Fedosin @alexander-demicev @Danil-Grigorev

[cwrau]

@cwrau since this is breaking change

Why is this a breaking change? 🤔
Everything just worked after this change for me

and can't be released with patch release (and in fact it was not backported). I just checked the changelog since last minor v0.11 release

But if we assume that this is a breaking change, why would you ever want to release this as a minor version instead of a breaking one?! 😮

and it is quite small for cutting a minor release. How urgent this change for you, can we give some more time for new minor release before cutting it?

cc @Fedosin @alexander-demicev @Danil-Grigorev

Is it a problem to release frequently with small changes? 🤔

But it's not urgent right now, we're using flux pathes to rectify this in the meantime

[furkatgofurov7]

Why is this a breaking change? 🤔
Everything just worked after this change for me

That is because the PR was labelled with ⚠️:

cluster-api-operator/.github/PULL_REQUEST_TEMPLATE.md

Line 2 in fbe3b5a

<!-- the icon will be either ⚠️ (:warning:, major or breaking changes), ✨ (:sparkles:, feature additions), 🐛 (:bug:, patch and bugfixes), 📖 (:book:, documentation or proposals), or 🌱 (:seedling:, minor or other) -->

so that was my assumption

But if we assume that this is a breaking change, why would you ever want to release this as a minor version instead of a breaking one?!

Breaking changes are usually accepted and released as part of the minor releases and not the patch. I am not sure what do you mean as "breaking one" in this context.

[cwrau]

Why is this a breaking change? 🤔
Everything just worked after this change for me

That is because the PR was labelled with ⚠️:

cluster-api-operator/.github/PULL_REQUEST_TEMPLATE.md

Line 2 in fbe3b5a

<!-- the icon will be either ⚠️ (:warning:, major or breaking changes), ✨ (:sparkles:, feature additions), 🐛 (:bug:, patch and bugfixes), 📖 (:book:, documentation or proposals), or 🌱 (:seedling:, minor or other) -->

so that was my assumption

Ah, @Fedosin changed the title at some point, maybe he can chime in why?

But if we assume that this is a breaking change, why would you ever want to release this as a minor version instead of a breaking one?!

Breaking changes are usually accepted and released as part of the minor releases and not the patch. I am not sure what do you mean as "breaking one" in this context.

Oh, sorry, typo 😅
I meant major release

So this project is not following semver? 😕

[furkatgofurov7]

So this project is not following semver? 😕

Well, it does follow semver in a way similar to how CAPI does https://cluster-api.sigs.k8s.io/contributing?highlight=release#breaking-changes, but in semVer world breaking changes should land in major release, that I agree.

Also, by looking at this PR again, IMO it is not a breaking change but rather a bug fix considering what it tries to solve