Use the project-specific service account for the operator

Previously the project is using the `default` service account to deploy and run the operator, which is not safe. This PR follows the [introduction](operator-framework/operator-sdk#4468) to run the operator with a project-specific service account (xxx-operator-controller-manager) to fix this issue.

config/manager/manager.yaml

@@ -42,7 +42,7 @@ spec:
       containers:
       - name: flink-operator
         image: flink-operator:latest
-        command:      
+        command:
         - /flink-operator
         args:
         - --enable-leader-election
@@ -53,4 +53,5 @@ spec:
           requests:
             cpu: 100m
             memory: 20Mi
+      serviceAccountName: controller-manager
       terminationGracePeriodSeconds: 10

config/rbac/auth_proxy_role_binding.yaml

@@ -22,5 +22,5 @@ roleRef:
   name: proxy-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system

config/rbac/kustomization.yaml

@@ -23,3 +23,4 @@ resources:
 - auth_proxy_service.yaml
 - auth_proxy_role.yaml
 - auth_proxy_role_binding.yaml
+- service_account.yaml

config/rbac/leader_election_role_binding.yaml

@@ -22,5 +22,5 @@ roleRef:
   name: leader-election-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system

config/rbac/role_binding.yaml

@@ -22,5 +22,5 @@ roleRef:
   name: manager-role
 subjects:
 - kind: ServiceAccount
-  name: default
+  name: controller-manager
   namespace: system

config/rbac/service_account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: controller-manager
+  namespace: system