fix: add missing policyrules for rabbitmq and mogdb (#1434)

addons/mogdb/templates/cmpd.yaml

@@ -114,6 +114,13 @@ spec:
             else
               echo -n "secondary"
             fi
+  policyRules:
+    - apiGroups:
+      - ""
+      resources:
+      - "pods/exec"
+      verbs:
+      - "create"
   runtime:
     shareProcessNamespace: true
     securityContext:

addons/rabbitmq/templates/componentdefinition.yaml

@@ -65,6 +65,19 @@ spec:
             value: $(CLUSTER_COMPONENT_NAME)-headless
           - name: RABBITMQ_NODENAME
             value: rabbit@$(POD_NAME).$(K8S_SERVICE_NAME).$(POD_NAMESPACE)
+  policyRules:
+    - apiGroups:
+      - ""
+      resources:
+      - endpoints
+      verbs:
+      - get
+    - apiGroups:
+      - ""
+      resources:
+      - events
+      verbs:
+      - create
   runtime:
     containers:
       - name: rabbitmq

examples/mogdb/cluster.yaml

@@ -15,7 +15,6 @@ spec:
     - name: mogdb
       componentDef: mogdb
       serviceVersion: "5.0.5"
-      serviceAccountName: kb-mogdb-cluster
       replicas: 2
       # Specifies the resources required by the Component.
       resources:
@@ -42,37 +41,3 @@ spec:
               requests:
                 # Set the storage size as needed
                 storage: 20Gi
----
-# Source: mogdb-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: mogdb-cluster-switchover-role
-  namespace: default
-  labels:
-    helm.sh/chart: mogdb-cluster-1.0.0-alpha.0
-    app.kubernetes.io/version: "5.0.5"
-    app.kubernetes.io/instance: mogdb-cluster
-    app.kubernetes.io/required-by: pod
-rules:
-  - apiGroups: [""]
-    resources: ["pods/exec"]
-    verbs: ["create"]
----
-# Source: mogdb-cluster/templates/rbac.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: mogdb-cluster-switchover
-  namespace: default
-  labels:
-    helm.sh/chart: mogdb-cluster-1.0.0-alpha.0
-    app.kubernetes.io/version: "5.0.5"
-    app.kubernetes.io/instance: mogdb-cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: mogdb-cluster-switchover-role
-subjects:
-  - kind: ServiceAccount
-    name: kb-mogdb-cluster

examples/mogdb/switchover.yaml

@@ -9,7 +9,6 @@ spec:
   custom:
     # Specifies the name of the OpsDefinition, it is a custom-defined ops to perform switch-over for mogdb
     opsDefinitionName: mogdb-switchover
-    serviceAccountName: kb-mogdb-cluster
     components:
       - componentName: mogdb
         parameters:

examples/rabbitmq/cluster.yaml

@@ -20,10 +20,6 @@ spec:
       # provisioned by this Component.
       # Valid options are: [3.10.25,3.11.28,3.12.14,3.13.2,3.13.7,3.8.14,3.9.29]
       serviceVersion: 3.13.7
-      # Specifies the name of the ServiceAccount required by the running Component.
-      # RabbitMQ needs `peer-discovery` role to create events and get endpoiints
-      # This is essential for discovering other RabbitMQ nodes and forming a cluster.
-      serviceAccountName: kb-rabbitmq-cluster
       # Recommended to set `replicas` to [3,5,7]
       # All data/state is replicated across all replicas.
       replicas: 3
@@ -52,41 +48,3 @@ spec:
               requests:
                 # Set the storage size as needed
                 storage: 20Gi
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: rabbitmq-cluster-peer-discovery
-  namespace: default
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - endpoints
-  verbs:
-  - get
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: kb-rabbitmq-cluster
-  namespace: default
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: kb-rabbitmq-cluster
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: rabbitmq-cluster-peer-discovery
-subjects:
-  - kind: ServiceAccount
-    name: kb-rabbitmq-cluster
-    namespace: default