diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index 8fbd547b43e538f4fdf0615765d1237056bb2470..d40d3d2f8d6b0c9e2bde809a27639e18c9cf06bd 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml @@ -59,7 +59,6 @@ with_items: - "dnsmasq-clusterrolebinding.yml" - "dnsmasq-serviceaccount.yml" - when: rbac_enabled delegate_to: "{{ groups['kube-master'][0] }}" run_once: true @@ -68,7 +67,6 @@ with_items: - "dnsmasq-clusterrolebinding.yml" - "dnsmasq-serviceaccount.yml" - when: rbac_enabled delegate_to: "{{ groups['kube-master'][0] }}" run_once: true diff --git a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 index d871bcbf96d434fe6e8c00ce97d56ecf44245f1e..a6d1df9348b8734fde08fea33f3f5bf1b2293ede 100644 --- a/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 +++ b/roles/dnsmasq/templates/dnsmasq-autoscaler.yml.j2 @@ -31,9 +31,7 @@ spec: scheduler.alpha.kubernetes.io/critical-pod: '' scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]' spec: -{% if rbac_enabled %} serviceAccountName: dnsmasq -{% endif %} tolerations: - effect: NoSchedule operator: Exists diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml index 3d7e141ae4f8d5c9491b70c77556501b57136051..312b6aca8a5aaa100a5423563e5e81f4ac3fe87e 100644 --- a/roles/kubernetes-apps/ansible/defaults/main.yml +++ b/roles/kubernetes-apps/ansible/defaults/main.yml @@ -66,8 +66,3 @@ dashboard_token_ttl: 900 # SSL etcd_cert_dir: "/etc/ssl/etcd/ssl" canal_cert_dir: "/etc/canal/certs" - -rbac_resources: - - sa - - clusterrole - - clusterrolebinding diff --git a/roles/kubernetes-apps/ansible/tasks/coredns.yml b/roles/kubernetes-apps/ansible/tasks/coredns.yml index fcd6c4c6d01d4c5dd1b84b01d72f3b36287d368c..c52cf7ba8fc9cacef4017c83ec01f4f522059a40 100644 --- a/roles/kubernetes-apps/ansible/tasks/coredns.yml 
+++ b/roles/kubernetes-apps/ansible/tasks/coredns.yml @@ -16,7 +16,6 @@ when: - dns_mode in ['coredns', 'coredns_dual'] - inventory_hostname == groups['kube-master'][0] - - rbac_enabled or item.type not in rbac_resources tags: - coredns @@ -34,6 +33,5 @@ when: - dns_mode == 'coredns_dual' - inventory_hostname == groups['kube-master'][0] - - rbac_enabled or item.type not in rbac_resources tags: - coredns diff --git a/roles/kubernetes-apps/ansible/tasks/kubedns.yml b/roles/kubernetes-apps/ansible/tasks/kubedns.yml index b2199d44667f18af05f6a953ce8aee366e3476c7..e7bf8298fa2fcfdca3019c81e7220e156e632c60 100644 --- a/roles/kubernetes-apps/ansible/tasks/kubedns.yml +++ b/roles/kubernetes-apps/ansible/tasks/kubedns.yml @@ -16,7 +16,6 @@ when: - dns_mode in ['kubedns','dnsmasq_kubedns'] - inventory_hostname == groups['kube-master'][0] - - rbac_enabled or item.type not in rbac_resources tags: - dnsmasq - kubedns diff --git a/roles/kubernetes-apps/ansible/tasks/netchecker.yml b/roles/kubernetes-apps/ansible/tasks/netchecker.yml index 0a133abb5c3065446a6cde1de7f6d93adddf02a4..bf0322a2714c05d92a2f2fb84355e6a4c47005ec 100644 --- a/roles/kubernetes-apps/ansible/tasks/netchecker.yml +++ b/roles/kubernetes-apps/ansible/tasks/netchecker.yml @@ -35,7 +35,6 @@ register: manifests when: - inventory_hostname == groups['kube-master'][0] - - rbac_enabled or item.type not in rbac_resources - name: Kubernetes Apps | Purge old Netchecker server kube: diff --git a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 index dc1f5193755fd20e51cca20495ad4d34a0215128..27c0576a1f7119455db5a13fb1c7dd9ca8ea8df1 100644 --- a/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/coredns-deployment.yml.j2 
@@ -26,9 +26,7 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: -{% if rbac_enabled %} serviceAccountName: coredns -{% endif %} tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 index 73ae3a01a83cf049ccb5b7dc07b4d07ae506064a..11c8d37f0bd2089085461e4b514f86bf844ef3ed 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/kubedns-autoscaler.yml.j2 @@ -64,6 +64,4 @@ spec: - --default-params={"linear":{"nodesPerReplica":{{ kubedns_nodes_per_replica }},"min":{{ kubedns_min_replicas }}}} - --logtostderr=true - --v=2 -{% if rbac_enabled %} serviceAccountName: cluster-proportional-autoscaler -{% endif %} diff --git a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 index 38858a6216919d9d4a568ba761dc1bf891abb071..549d93c1420aa5d5025084a41d74386710a5ea9a 100644 --- a/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/kubedns-deploy.yml.j2 @@ -172,6 +172,4 @@ spec: memory: 20Mi cpu: 10m dnsPolicy: Default # Don't use cluster DNS. -{% if rbac_enabled %} serviceAccountName: kube-dns -{% endif %} diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 index 6e2738e6fc753b0ac210b95db1e412e955cde4fd..30e3b590778e06719ea5db1e227cc7807d5e3d94 100644 --- a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 @@ -33,6 +33,4 @@ spec: tolerations: - effect: NoSchedule operator: Exists -{% if rbac_enabled %} serviceAccountName: netchecker-server -{% endif %} 
diff --git a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml index b6055132b00de1c2e840a77a40410202972fedce..888cbd189ce039e84cf6f218471a5213acaec81f 100644 --- a/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml +++ b/roles/kubernetes-apps/efk/elasticsearch/tasks/main.yml @@ -7,7 +7,6 @@ - "efk-sa.yml" - "efk-clusterrolebinding.yml" run_once: true - when: rbac_enabled - name: "ElasticSearch | Create Serviceaccount and Clusterrolebinding (RBAC)" command: "{{ bin_dir }}/kubectl apply -f {{ kube_config_dir }}/{{ item }} -n kube-system" @@ -15,7 +14,6 @@ - "efk-sa.yml" - "efk-clusterrolebinding.yml" run_once: true - when: rbac_enabled - name: "ElasticSearch | Write ES deployment" template: diff --git a/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2 b/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2 index 51666c1f21f896e2cb01a269efa8938757e2cc1a..ad1adc536c627304718d975984ddb684dac017e6 100644 --- a/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2 +++ b/roles/kubernetes-apps/efk/elasticsearch/templates/elasticsearch-deployment.yml.j2 @@ -52,9 +52,7 @@ spec: volumes: - name: es-persistent-storage emptyDir: {} -{% if rbac_enabled %} serviceAccountName: efk -{% endif %} initContainers: - image: alpine:3.6 command: ["/sbin/sysctl", "-w", "vm.max_map_count=262144"] diff --git a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 index 6405f0cc93682cd4c344c4d68d423ea50118802b..6e9ad30c03d0aeb1cef0eac8412d743ee192bd6b 100644 --- a/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 +++ b/roles/kubernetes-apps/efk/fluentd/templates/fluentd-ds.yml.j2 
@@ -28,9 +28,7 @@ spec: scheduler.alpha.kubernetes.io/critical-pod: '' spec: priorityClassName: system-node-critical -{% if rbac_enabled %} serviceAccountName: efk -{% endif %} containers: - name: fluentd-es image: "{{ fluentd_image_repo }}:{{ fluentd_image_tag }}" diff --git a/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2 b/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2 index 880482d4de064139b5b541d1c8d52f6b57bf9126..b9c875be6863d184086f57357624664ef766d930 100644 --- a/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2 +++ b/roles/kubernetes-apps/efk/kibana/templates/kibana-deployment.yml.j2 @@ -46,7 +46,4 @@ spec: - containerPort: 5601 name: ui protocol: TCP -{% if rbac_enabled %} serviceAccountName: efk -{% endif %} - diff --git a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 index 17c8c3d36615a64fdd4cfb56b66d63e867264deb..838137e8b8b040084d5b95a90b49cfeced4213fe 100644 --- a/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 +++ b/roles/kubernetes-apps/external_provisioner/cephfs_provisioner/templates/deploy-cephfs-provisioner.yml.j2 @@ -19,9 +19,7 @@ spec: app: cephfs-provisioner version: {{ cephfs_provisioner_image_tag }} spec: -{% if rbac_enabled %} serviceAccount: cephfs-provisioner -{% endif %} containers: - name: cephfs-provisioner image: {{ cephfs_provisioner_image_repo }}:{{ cephfs_provisioner_image_tag }} diff --git a/roles/kubernetes-apps/helm/tasks/main.yml b/roles/kubernetes-apps/helm/tasks/main.yml index 7e400d3fe7680376d58caa0d47fa92a7ad762ca1..14d6ec5fe5913feb9d3a1a7bf42cf2631e6db5be 100644 --- a/roles/kubernetes-apps/helm/tasks/main.yml +++ b/roles/kubernetes-apps/helm/tasks/main.yml 
@@ -13,7 +13,7 @@ - {name: tiller, file: tiller-sa.yml, type: sa} - {name: tiller, file: tiller-clusterrolebinding.yml, type: clusterrolebinding} register: manifests - when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled + when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] - name: Helm | Apply Helm Manifests (RBAC) kube: @@ -24,7 +24,7 @@ filename: "{{kube_config_dir}}/{{item.item.file}}" state: "latest" with_items: "{{ manifests.results }}" - when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] and rbac_enabled + when: dns_mode != 'none' and inventory_hostname == groups['kube-master'][0] - name: Helm | Install/upgrade helm command: > diff --git a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 index 06875464241947242dfaf172f225f5cc6e9ec939..490be52fbcfb80d58c057b4c9173128ef873fa6f 100644 --- a/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 +++ b/roles/kubernetes-apps/ingress_controller/ingress_nginx/templates/ds-ingress-nginx-controller.yml.j2 @@ -21,9 +21,7 @@ spec: prometheus.io/port: '10254' prometheus.io/scrape: 'true' spec: -{% if rbac_enabled %} serviceAccountName: ingress-nginx -{% endif %} {% if ingress_nginx_host_network %} hostNetwork: true {% endif %} diff --git a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml index 0e66359cc18f75ce5864ba15ddb52157d37e3566..93d12c901353196ff441b1d1882199a1316e0a15 100644 --- a/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/defaults/main.yml 
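Review bot: With `and rbac_enabled` dropped from both `when:` lines in this file (this hunk and the `@@ -24,7 +24,7 @@` one), the Tiller service account and ClusterRoleBinding are written and applied on every run where `dns_mode != 'none'`, and nothing near the item list says which role `tiller-clusterrolebinding.yml` grants. Since there is no longer a switch to opt out, I would add a comment above the two `tiller` items, for example `# Tiller RBAC objects are always created; the role granted is defined in tiller-clusterrolebinding.yml`, so a reader auditing cluster-wide bindings knows where to look. While the line is being rewritten, the list form used by the other task files in this commit reads better: `when:` followed by `- dns_mode != 'none'` and `- inventory_hostname == groups['kube-master'][0]`. Both tasks begin above their hunks, so their module arguments are not fully visible here.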
@@ -8,8 +8,3 @@ calico_policy_controller_memory_requests: 64M # SSL calico_cert_dir: "/etc/calico/certs" canal_cert_dir: "/etc/canal/certs" - -rbac_resources: - - sa - - clusterrole - - clusterrolebinding diff --git a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml index 62e929f413d7b2ec28619d9d1f3cb02171708a0d..bc2fdf7e740eec1c64c823fe36625f9cdce27dce 100644 --- a/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml +++ b/roles/kubernetes-apps/policy_controller/calico/tasks/main.yml @@ -26,8 +26,7 @@ - {name: calico-kube-controllers, file: calico-kube-cr.yml, type: clusterrole} - {name: calico-kube-controllers, file: calico-kube-crb.yml, type: clusterrolebinding} register: calico_kube_manifests - when: - - rbac_enabled or item.type not in rbac_resources + when: inventory_hostname == groups['kube-master'][0] and not item|skipped - name: Start of Calico kube controllers kube: diff --git a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 index d7083e3e6b30f6b38d2668d43381f4e326bf7bd7..5dcafbbc5a6c513d918b192a3f95e385edad1f83 100644 --- a/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 +++ b/roles/kubernetes-apps/policy_controller/calico/templates/calico-kube-controllers.yml.j2 @@ -21,9 +21,7 @@ spec: k8s-app: calico-kube-controllers spec: hostNetwork: true -{% if rbac_enabled %} serviceAccountName: calico-kube-controllers -{% endif %} tolerations: - effect: NoSchedule operator: Exists diff --git a/roles/network_plugin/calico/defaults/main.yml b/roles/network_plugin/calico/defaults/main.yml index 553eb67537d48d22934d3d177a4ac3e2c46048ce..800bbb6fcbd44fb7ab3c01db38d16f1949bd1950 100644 --- a/roles/network_plugin/calico/defaults/main.yml +++ b/roles/network_plugin/calico/defaults/main.yml 
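Review bot: The new clause `not item|skipped` in `roles/kubernetes-apps/policy_controller/calico/tasks/main.yml` has nothing to test, because this task loops over literal `{name, file, type}` dicts rather than registered results, so as far as I can tell it is always true and only the `inventory_hostname` half does any work. A skipped-check belongs on the task that iterates `calico_kube_manifests.results`, which presumably is the `Start of Calico kube controllers` task that begins at the end of this hunk and whose `when:` is not visible. I would reduce this line to `when: inventory_hostname == groups['kube-master'][0]` and, if the consumer needs the guard, write it there as `not item is skipped`, since the filter-style `item|skipped` spelling is deprecated in newer Ansible releases. The old condition also carried no host restriction, so limiting the template task to the first master is a behaviour change beyond removing the RBAC switch and is worth stating in the commit message.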
@@ -41,11 +41,6 @@ calico_felix_prometheusprocessmetricsenabled: "true" # see https://github.com/projectcalico/felix/blob/ab8799eaea66627e5db7717e62fca61fd9c08646/python/calico/felix/config.py#L198 calico_node_ignorelooserpf: false -rbac_resources: - - sa - - clusterrole - - clusterrolebinding - # If you want to use non default IP_AUTODETECTION_METHOD for calico node set this option to one of: # * can-reach=DESTINATION # * interface=INTERFACE-REGEX diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml index 18fe597c7f1ab9e3756f18f60c9c9b4cec73befd..7ce84cfdca05920e38cfe45c007f7ae39f6af207 100644 --- a/roles/network_plugin/calico/tasks/main.yml +++ b/roles/network_plugin/calico/tasks/main.yml @@ -191,4 +191,3 @@ register: calico_node_manifests when: - inventory_hostname in groups['kube-master'] - - rbac_enabled or item.type not in rbac_resources diff --git a/roles/network_plugin/calico/templates/calico-node.yml.j2 b/roles/network_plugin/calico/templates/calico-node.yml.j2 index 849ea0afb94094b2ae9d0574d7875ca8c882e81d..54dacba8f78816449c7bb6113f601887e1d79243 100644 --- a/roles/network_plugin/calico/templates/calico-node.yml.j2 +++ b/roles/network_plugin/calico/templates/calico-node.yml.j2 @@ -22,9 +22,7 @@ spec: kubespray.etcd-cert/serial: "{{ etcd_client_cert_serial }}" spec: hostNetwork: true -{% if rbac_enabled %} serviceAccountName: calico-node -{% endif %} tolerations: - effect: NoSchedule operator: Exists diff --git a/roles/network_plugin/canal/defaults/main.yml b/roles/network_plugin/canal/defaults/main.yml index bf74653c78b0582a64d8fb2df11c982a8a9da3c8..38696b87a1a5af788ab45f9eef0b8b486303b280 100644 --- a/roles/network_plugin/canal/defaults/main.yml +++ b/roles/network_plugin/canal/defaults/main.yml @@ -31,8 +31,3 @@ calicoctl_memory_limit: 170M calicoctl_cpu_limit: 100m calicoctl_memory_requests: 32M calicoctl_cpu_requests: 25m - -rbac_resources: - - sa - - clusterrole - - clusterrolebinding 
diff --git a/roles/network_plugin/canal/tasks/main.yml b/roles/network_plugin/canal/tasks/main.yml index 5b1b6a9e02e87b49dc3ad19af1e786f6cec444e0..aedb47070ed164d686ca8d8a9237fecbe20794b9 100644 --- a/roles/network_plugin/canal/tasks/main.yml +++ b/roles/network_plugin/canal/tasks/main.yml @@ -53,7 +53,6 @@ register: canal_manifests when: - inventory_hostname in groups['kube-master'] - - rbac_enabled or item.type not in rbac_resources - name: Canal | Copy cni plugins from hyperkube command: "{{ docker_bin_dir }}/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp -rf /opt/cni/bin/. /cnibindir/" diff --git a/roles/network_plugin/canal/templates/canal-node.yaml.j2 b/roles/network_plugin/canal/templates/canal-node.yaml.j2 index 8535360a101b68010658b72b2beba9e42181763a..7e3ecf8d5da4088dff86408fbe8b183d1b4c8975 100644 --- a/roles/network_plugin/canal/templates/canal-node.yaml.j2 +++ b/roles/network_plugin/canal/templates/canal-node.yaml.j2 @@ -19,9 +19,7 @@ spec: k8s-app: canal-node spec: hostNetwork: true -{% if rbac_enabled %} serviceAccountName: canal -{% endif %} tolerations: - effect: NoSchedule operator: Exists diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index dea905b3b3245f8b658381864726c5e0b78cfd0e..f6a836f953b1fcc2eef7036d525882f351f4b243 100755 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -18,8 +18,3 @@ cilium_cpu_requests: 100m # Optional features cilium_enable_prometheus: false - -rbac_resources: - - sa - - clusterrole - - clusterrolebinding diff --git a/roles/network_plugin/cilium/tasks/main.yml b/roles/network_plugin/cilium/tasks/main.yml index 12408a00add334854c1c63679d4e5bb7c1f167c4..6c55be6633d1b78364d8254ee242a87bb15f5673 100755 --- a/roles/network_plugin/cilium/tasks/main.yml +++ b/roles/network_plugin/cilium/tasks/main.yml 
@@ -38,7 +38,6 @@ register: cilium_node_manifests when: - inventory_hostname in groups['kube-master'] - - rbac_enabled or item.type not in rbac_resources - name: Cilium | Set CNI directory permissions file: diff --git a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 index 1ec322916eb62289bbcbf5143ca6da672119ffde..7fff7ac0eacfc82d41b21ac32217d11acc845f44 100755 --- a/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 +++ b/roles/network_plugin/cilium/templates/cilium-ds.yml.j2 @@ -34,9 +34,7 @@ spec: prometheus.io/port: "9090" {% endif %} spec: -{% if rbac_enabled %} serviceAccountName: cilium -{% endif %} initContainers: - name: clean-cilium-state image: docker.io/library/busybox:1.28.4 diff --git a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 index 3ccaffaf89538a84a3ec5e5e8e26103f07c91333..cea0efe5118da2861e31eb7151ed2d33a4db8210 100644 --- a/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-api-proxy.yml.j2 @@ -27,9 +27,7 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule -{% if rbac_enabled %} serviceAccountName: contiv-netmaster -{% endif %} containers: - name: contiv-api-proxy image: {{ contiv_auth_proxy_image_repo }}:{{ contiv_auth_proxy_image_tag }} diff --git a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 index d41259ec16b94fdb5bd3f592137b50bfe56cbf08..787fe5c279e74dd8dcac4a65c9fa7a831d39b22c 100644 --- a/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-netmaster.yml.j2 
@@ -27,9 +27,7 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule -{% if rbac_enabled %} serviceAccountName: contiv-netmaster -{% endif %} containers: - name: contiv-netmaster image: {{ contiv_image_repo }}:{{ contiv_image_tag }} diff --git a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 index 2a7bf71cbb164786b56ebbb558e66c3c78154ea5..b7927f51c58c0400c0b10b8ce601da6d4ebd2f7a 100644 --- a/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 +++ b/roles/network_plugin/contiv/templates/contiv-netplugin.yml.j2 @@ -26,9 +26,7 @@ spec: tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule -{% if rbac_enabled %} serviceAccountName: contiv-netplugin -{% endif %} containers: # Runs netplugin container on each Kubernetes node. This # container programs network policy and routes on each diff --git a/roles/network_plugin/flannel/tasks/main.yml b/roles/network_plugin/flannel/tasks/main.yml index 29b79b11d12cf2541c6644d5177f6ee189bdab24..c0c3aee3ebd16ee21e68dba3b72bba7a67ee9a81 100644 --- a/roles/network_plugin/flannel/tasks/main.yml +++ b/roles/network_plugin/flannel/tasks/main.yml @@ -11,4 +11,3 @@ register: flannel_node_manifests when: - inventory_hostname in groups['kube-master'] - - rbac_enabled or item.type not in rbac_resources diff --git a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 index 7ecb21ad06848de6e06949c20547845fbd505768..b201e8e7f01818ad5528d5115b3ef5a79656cc83 100644 --- a/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 +++ b/roles/network_plugin/flannel/templates/cni-flannel.yml.j2 @@ -52,9 +52,7 @@ spec: tier: node k8s-app: flannel spec: -{% if rbac_enabled %} serviceAccountName: flannel -{% endif %} containers: - name: kube-flannel image: {{ flannel_image_repo }}:{{ flannel_image_tag }}