pkg/asset: Add flannel service account and RBAC

pkg/asset/asset.go

@@ -41,8 +41,11 @@ const (
 	AssetPathProxy                       = "manifests/kube-proxy.yaml"
 	AssetPathProxySA                     = "manifests/kube-proxy-sa.yaml"
 	AssetPathProxyRoleBinding            = "manifests/kube-proxy-role-binding.yaml"
-	AssetPathKubeFlannel                 = "manifests/kube-flannel.yaml"
-	AssetPathKubeFlannelCfg              = "manifests/kube-flannel-cfg.yaml"
+	AssetPathFlannel                     = "manifests/flannel.yaml"
+	AssetPathFlannelCfg                  = "manifests/flannel-cfg.yaml"
+	AssetPathFlannelClusterRole          = "manifests/flannel-cluster-role.yaml"
+	AssetPathFlannelClusterRoleBinding   = "manifests/flannel-cluster-role-binding.yaml"
+	AssetPathFlannelSA                   = "manifests/flannel-sa.yaml"
 	AssetPathCalico                      = "manifests/calico.yaml"
 	AssetPathCalicoPolicyOnly            = "manifests/calico-policy-only.yaml"
 	AssetPathCalicoCfg                   = "manifests/calico-config.yaml"

pkg/asset/internal/templates.go

@@ -1045,7 +1045,54 @@ spec:
   dnsPolicy: ClusterFirstWithHostNet
 `)
 
-var KubeFlannelCfgTemplate = []byte(`apiVersion: v1
+var FlannelClusterRole = []byte(`apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+  name: flannel
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/status
+    verbs:
+      - patch
+`)
+
+var FlannelClusterRoleBinding = []byte(`apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: flannel
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: flannel
+subjects:
+- kind: ServiceAccount
+  name: flannel
+  namespace: kube-system
+`)
+
+var FlannelServiceAccount = []byte(`apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: flannel
+  namespace: kube-system
+`)
+
+var FlannelCfgTemplate = []byte(`apiVersion: v1
 kind: ConfigMap
 metadata:
   name: kube-flannel-cfg
@@ -1083,7 +1130,7 @@ data:
     }
 `)
 
-var KubeFlannelTemplate = []byte(`apiVersion: apps/v1beta2
+var FlannelTemplate = []byte(`apiVersion: apps/v1beta2
 kind: DaemonSet
 metadata:
   name: kube-flannel
@@ -1102,6 +1149,7 @@ spec:
         tier: node
         k8s-app: flannel
     spec:
+      serviceAccountName: flannel
       containers:
       - name: kube-flannel
         image: {{ .Images.Flannel }}

pkg/asset/k8s.go

@@ -70,8 +70,11 @@ func newDynamicAssets(conf Config) Assets {
 	switch conf.NetworkProvider {
 	case NetworkFlannel:
 		assets = append(assets,
-			MustCreateAssetFromTemplate(AssetPathKubeFlannelCfg, internal.KubeFlannelCfgTemplate, conf),
-			MustCreateAssetFromTemplate(AssetPathKubeFlannel, internal.KubeFlannelTemplate, conf),
+			MustCreateAssetFromTemplate(AssetPathFlannel, internal.FlannelTemplate, conf),
+			MustCreateAssetFromTemplate(AssetPathFlannelCfg, internal.FlannelCfgTemplate, conf),
+			MustCreateAssetFromTemplate(AssetPathFlannelClusterRole, internal.FlannelClusterRole, conf),
+			MustCreateAssetFromTemplate(AssetPathFlannelClusterRoleBinding, internal.FlannelClusterRoleBinding, conf),
+			MustCreateAssetFromTemplate(AssetPathFlannelSA, internal.FlannelServiceAccount, conf),
 		)
 	case NetworkCalico:
 		assets = append(assets,