From 83b81b1056a7d1590c7b815237620907b35ed570 Mon Sep 17 00:00:00 2001 From: Philippe Caseiro Date: Tue, 30 Jan 2024 12:34:54 +0100 Subject: [PATCH] Revert "fix(resources): do not set namespace in maester rolebinding" This reverts commit 1fccf5f8dcd6e9ce8ac9ad62cceb26e4b0db4c40. --- .../resources/hydra-maester-rbac.yaml | 35 ++++++++++--------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml index 258ed0a..03548b3 100644 --- a/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml +++ b/resources/hydra/resources/hydra-maester/resources/hydra-maester-rbac.yaml @@ -1,3 +1,4 @@ +--- # Source: hydra/charts/hydra-maester/templates/rbac.yaml apiVersion: v1 kind: ServiceAccount @@ -10,12 +11,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role rules: -- apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients", "oauth2clients/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] -- apiGroups: [""] - resources: ["secrets"] - verbs: ["list", "watch", "create"] + - apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["list", "watch", "create"] --- # Source: hydra/charts/hydra-maester/templates/rbac.yaml kind: ClusterRoleBinding @@ -23,8 +24,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role-binding subjects: -- kind: ServiceAccount - name: hydra-maester-account # Service account assigned to the controller pod. + - kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -36,12 +38,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "list", "watch", "create"] -- apiGroups: ["hydra.ory.sh"] - resources: ["oauth2clients", "oauth2clients/status"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "list", "watch", "create"] + - apiGroups: ["hydra.ory.sh"] + resources: ["oauth2clients", "oauth2clients/status"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] --- # Source: hydra/charts/hydra-maester/templates/rbac.yaml kind: RoleBinding @@ -49,8 +51,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: hydra-maester-role-binding subjects: -- kind: ServiceAccount - name: hydra-maester-account # Service account assigned to the controller pod. + - kind: ServiceAccount + name: hydra-maester-account # Service account assigned to the controller pod. + namespace: default roleRef: apiGroup: rbac.authorization.k8s.io kind: Role