Currently, when shipperctl is trying to set up the application cluster, it uses the service account that was created when "joining" the two clusters together.
However, this adds an unnecessary step right now, since the service account that we create doesn't have the permission to create CRDs, ClusterRoleBindings, and so on. It's also not safe to give the service account these permissions.
However, the user who is running shipperctl has these permissions, so we should use those permissions and do everything through the current user's context, who has to be an administrator anyway.
Currently, when shipperctl is trying to set up the application cluster, it uses the service account that was created when "joining" the two clusters together.
However, this adds an unnecessary step right now, since the service account that we create doesn't have the permission to create CRDs, ClusterRoleBindings, and so on. It's also not safe to give the service account these permissions.
However, the user who is running
shipperctl
has these permissions, so we should use those permissions and do everything through the current user's context, who has to be an administrator anyway.