fix(resources): do not set namespace in maester rolebinding

This commit is contained in:
Philippe Caseiro 2024-01-30 12:27:50 +01:00
parent 907618902e
commit 1fccf5f8dc
1 changed files with 16 additions and 19 deletions

View File

@ -1,4 +1,3 @@
---
# Source: hydra/charts/hydra-maester/templates/rbac.yaml # Source: hydra/charts/hydra-maester/templates/rbac.yaml
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@ -11,12 +10,12 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hydra-maester-role name: hydra-maester-role
rules: rules:
- apiGroups: ["hydra.ory.sh"] - apiGroups: ["hydra.ory.sh"]
resources: ["oauth2clients", "oauth2clients/status"] resources: ["oauth2clients", "oauth2clients/status"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""] - apiGroups: [""]
resources: ["secrets"] resources: ["secrets"]
verbs: ["list", "watch", "create"] verbs: ["list", "watch", "create"]
--- ---
# Source: hydra/charts/hydra-maester/templates/rbac.yaml # Source: hydra/charts/hydra-maester/templates/rbac.yaml
kind: ClusterRoleBinding kind: ClusterRoleBinding
@ -24,9 +23,8 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hydra-maester-role-binding name: hydra-maester-role-binding
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: hydra-maester-account # Service account assigned to the controller pod. name: hydra-maester-account # Service account assigned to the controller pod.
namespace: default
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -38,12 +36,12 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hydra-maester-role name: hydra-maester-role
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["secrets"] resources: ["secrets"]
verbs: ["get", "list", "watch", "create"] verbs: ["get", "list", "watch", "create"]
- apiGroups: ["hydra.ory.sh"] - apiGroups: ["hydra.ory.sh"]
resources: ["oauth2clients", "oauth2clients/status"] resources: ["oauth2clients", "oauth2clients/status"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
--- ---
# Source: hydra/charts/hydra-maester/templates/rbac.yaml # Source: hydra/charts/hydra-maester/templates/rbac.yaml
kind: RoleBinding kind: RoleBinding
@ -51,9 +49,8 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hydra-maester-role-binding name: hydra-maester-role-binding
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: hydra-maester-account # Service account assigned to the controller pod. name: hydra-maester-account # Service account assigned to the controller pod.
namespace: default
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role