Expected Behavior
When creating a new Bus, an existing service account should be used with RBAC rules predefined.
Actual Behavior
The controller will create a new service account and RBAC rules for each Bus.
Additional Info
In adding support for ClusterBuses we solves the issues of running bus pods in another namespace, and simplified the controller because a single pre-provisioned service account and RBAC rules are defined. Buses can use this account if the provisioner/dispatcher run in the knative-eventing namespace.
This also means that the eventing-controller will no longer need to create service accounts and RBAC rules, so the controller will be able to run in a reduced privilege account.
Refs #207
/assign @scothis
Expected Behavior
When creating a new Bus, an existing service account should be used with RBAC rules predefined.
Actual Behavior
The controller will create a new service account and RBAC rules for each Bus.
Additional Info
In adding support for ClusterBuses we solves the issues of running bus pods in another namespace, and simplified the controller because a single pre-provisioned service account and RBAC rules are defined. Buses can use this account if the provisioner/dispatcher run in the knative-eventing namespace.
This also means that the eventing-controller will no longer need to create service accounts and RBAC rules, so the controller will be able to run in a reduced privilege account.
Refs #207
/assign @scothis