Revert "fix(resources): do not set namespace in maester rolebinding"

This reverts commit 1fccf5f8dc.
This commit is contained in:
Philippe Caseiro 2024-01-30 12:34:54 +01:00
parent 1fccf5f8dc
commit 83b81b1056
1 changed files with 19 additions and 16 deletions

View File

@ -1,3 +1,4 @@
---
# Source: hydra/charts/hydra-maester/templates/rbac.yaml # Source: hydra/charts/hydra-maester/templates/rbac.yaml
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@ -10,12 +11,12 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hydra-maester-role name: hydra-maester-role
rules: rules:
- apiGroups: ["hydra.ory.sh"] - apiGroups: ["hydra.ory.sh"]
resources: ["oauth2clients", "oauth2clients/status"] resources: ["oauth2clients", "oauth2clients/status"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""] - apiGroups: [""]
resources: ["secrets"] resources: ["secrets"]
verbs: ["list", "watch", "create"] verbs: ["list", "watch", "create"]
--- ---
# Source: hydra/charts/hydra-maester/templates/rbac.yaml # Source: hydra/charts/hydra-maester/templates/rbac.yaml
kind: ClusterRoleBinding kind: ClusterRoleBinding
@ -23,8 +24,9 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hydra-maester-role-binding name: hydra-maester-role-binding
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: hydra-maester-account # Service account assigned to the controller pod. name: hydra-maester-account # Service account assigned to the controller pod.
namespace: default
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
@ -36,12 +38,12 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hydra-maester-role name: hydra-maester-role
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["secrets"] resources: ["secrets"]
verbs: ["get", "list", "watch", "create"] verbs: ["get", "list", "watch", "create"]
- apiGroups: ["hydra.ory.sh"] - apiGroups: ["hydra.ory.sh"]
resources: ["oauth2clients", "oauth2clients/status"] resources: ["oauth2clients", "oauth2clients/status"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
--- ---
# Source: hydra/charts/hydra-maester/templates/rbac.yaml # Source: hydra/charts/hydra-maester/templates/rbac.yaml
kind: RoleBinding kind: RoleBinding
@ -49,8 +51,9 @@ apiVersion: rbac.authorization.k8s.io/v1
metadata: metadata:
name: hydra-maester-role-binding name: hydra-maester-role-binding
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: hydra-maester-account # Service account assigned to the controller pod. name: hydra-maester-account # Service account assigned to the controller pod.
namespace: default
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: Role kind: Role