From 1fccf5f8dcd6e9ce8ac9ad62cceb26e4b0db4c40 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Tue, 30 Jan 2024 12:27:50 +0100 Subject: [PATCH] fix(resources): do not set namespace in maester rolebinding --- .../resources/hydra-maester-rbac.yaml | 35 +++++++++---------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml index 03548b3..258ed0a 100644 --- a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml +++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml @@ -1,4 +1,3 @@ ---- # Source: hydra/charts/hydra-maester/templates/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -11,12 +10,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role rules: - - apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients", "oauth2clients/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch", "create"] +- apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "create"] --- # Source: hydra/charts/hydra-maester/templates/rbac.yaml kind: ClusterRoleBinding @@ -24,9 +23,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role-binding subjects: - - kind: ServiceAccount - name: hydra-maester-account # Service account assigned to the controller pod. - namespace: default +- kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -38,12 +36,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role rules: - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create"] - - apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients", "oauth2clients/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create"] +- apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- # Source: hydra/charts/hydra-maester/templates/rbac.yaml kind: RoleBinding @@ -51,9 +49,8 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role-binding subjects: - - kind: ServiceAccount - name: hydra-maester-account # Service account assigned to the controller pod. - namespace: default +- kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. roleRef: apiGroup: rbac.authorization.k8s.io kind: Role