rename bootstrap sa and rbac (#802)

Signed-off-by: Zhiwei Yin <[email protected]>

deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role.yaml

@@ -2,7 +2,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: system:open-cluster-management:bootstrap
+  name: open-cluster-management:bootstrap
 rules:
 - apiGroups:
   - ""

deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_cluster_role_binding.yaml

@@ -2,11 +2,11 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: cluster-bootstrap
+  name: open-cluster-management:bootstrap:managedcluster
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: system:open-cluster-management:bootstrap
+  name: open-cluster-management:bootstrap
 subjects:
 - kind: Group
   apiGroup: rbac.authorization.k8s.io

deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa.yaml

@@ -2,6 +2,6 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: cluster-bootstrap
+  name: agent-registration-bootstrap
   namespace: {{ .Release.Namespace }}
 {{- end }}

deploy/cluster-manager/chart/cluster-manager/templates/bootstrap_sa_cluster_role_binding.yaml

@@ -2,13 +2,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: cluster-bootstrap-sa
+  name: open-cluster-management:bootstrap:agent-registration
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: system:open-cluster-management:bootstrap
+  name: open-cluster-management:bootstrap
 subjects:
   - kind: ServiceAccount
-    name: cluster-bootstrap
+    name: agent-registration-bootstrap
     namespace: {{ .Release.Namespace }}
 {{- end }}

deploy/cluster-manager/chart/cluster-manager/templates/cluster_manager.yaml

@@ -22,7 +22,7 @@ spec:
       - system:bootstrap:bootstrap-token-ocmhub
       {{- end }}
       {{- if .Values.createBootstrapSA }}
-      - system:serviceaccount:open-cluster-management:cluster-bootstrap
+      - system:serviceaccount:{{ .Release.Namespace }}:agent-registration-bootstrap
       {{- end }}
     {{- end }}
     {{- with .Values.clusterManager.registrationConfiguration.featureGates }}

deploy/cluster-manager/chart/cluster-manager/templates/cluster_role.yaml

@@ -10,7 +10,7 @@ rules:
 - apiGroups: [""]
   resources: ["serviceaccounts/token"]
   resourceNames:
-    - "cluster-bootstrap"
+    - "agent-registration-bootstrap"
   verbs: ["get", "create"]
 - apiGroups: [""]
   resources: ["pods"]

deploy/cluster-manager/config/rbac/cluster_role.yaml

@@ -12,7 +12,7 @@ rules:
 - apiGroups: [""]
   resources: ["serviceaccounts/token"]
   resourceNames:
-    - "cluster-bootstrap"
+    - "agent-registration-bootstrap"
   verbs: ["get", "create"]
 - apiGroups: [""]
   resources: ["pods"]

deploy/cluster-manager/olm-catalog/latest/manifests/cluster-manager.clusterserviceversion.yaml

@@ -130,7 +130,7 @@ spec:
         - apiGroups:
           - ""
           resourceNames:
-          - cluster-bootstrap
+          - agent-registration-bootstrap
           resources:
           - serviceaccounts/token
           verbs:

manifests/cluster-manager/hub/cluster-manager-registration-clusterrole.yaml

@@ -17,7 +17,7 @@ rules:
 - apiGroups: [""]
   resources: ["serviceaccounts/token"]
   resourceNames:
-    - "cluster-bootstrap"
+    - "agent-registration-bootstrap"
   verbs: ["get", "create"]
 - apiGroups: [""]
   resources: ["pods"]

pkg/registration/hub/importer/importer.go

@@ -38,7 +38,7 @@ import (
 
 const (
 	operatorNamesapce               = "open-cluster-management"
-	bootstrapSA                     = "cluster-bootstrap"
+	bootstrapSA                     = "agent-registration-bootstrap"
 	ManagedClusterConditionImported = "Imported"
 )