diff --git a/kubernetes/apps/kube-system/system-upgrade-controller/app/helmrelease.yaml b/kubernetes/apps/kube-system/system-upgrade-controller/app/helmrelease.yaml
index 90dac05b8f..264b8dd371 100644
--- a/kubernetes/apps/kube-system/system-upgrade-controller/app/helmrelease.yaml
+++ b/kubernetes/apps/kube-system/system-upgrade-controller/app/helmrelease.yaml
@@ -101,3 +101,4 @@ spec:
 enabled: false
 serviceAccount:
 name: system-upgrade
+ create: true
diff --git a/kubernetes/apps/kube-system/system-upgrade-controller/app/kustomization.yaml b/kubernetes/apps/kube-system/system-upgrade-controller/app/kustomization.yaml
index 61c7576acd..0c9dd918db 100644
--- a/kubernetes/apps/kube-system/system-upgrade-controller/app/kustomization.yaml
+++ b/kubernetes/apps/kube-system/system-upgrade-controller/app/kustomization.yaml
@@ -4,5 +4,5 @@ kind: Kustomization
 resources:
 # renovate: datasource=github-releases depName=rancher/system-upgrade-controller
 - https://github.com/rancher/system-upgrade-controller/releases/download/v0.13.2/crd.yaml
- - ./rbac.yaml
 - ./helmrelease.yaml
+ - ./rbac.yaml
diff --git a/kubernetes/apps/kube-system/system-upgrade-controller/app/rbac.yaml b/kubernetes/apps/kube-system/system-upgrade-controller/app/rbac.yaml
index f95fc8e7b9..a3db877273 100644
--- a/kubernetes/apps/kube-system/system-upgrade-controller/app/rbac.yaml
+++ b/kubernetes/apps/kube-system/system-upgrade-controller/app/rbac.yaml
@@ -12,11 +12,6 @@ subjects:
 name: system-upgrade
 namespace: kube-system
 ---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: system-upgrade
----
 apiVersion: talos.dev/v1alpha1
 kind: ServiceAccount
 metadata:
diff --git a/kubernetes/apps/monitoring/gatus/app/rbac.yaml b/kubernetes/apps/monitoring/gatus/app/rbac.yaml
index 76edbd30cb..d287b2a896 100644
--- a/kubernetes/apps/monitoring/gatus/app/rbac.yaml
+++ b/kubernetes/apps/monitoring/gatus/app/rbac.yaml
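Review bot: With `create: true` in system-upgrade-controller/app/helmrelease.yaml the `system-upgrade` ServiceAccount becomes owned by the Helm release, but the ClusterRoleBinding kept in rbac.yaml still selects it purely by name (`name: system-upgrade`, `namespace: kube-system`), and nothing on either side records that coupling. A later rename or a flip of `create` would leave a cluster-scoped binding pointing at an account that does not exist until someone creates one with that name; a comment above the new line such as `# subject of the ClusterRoleBinding in ./rbac.yaml; keep the name in sync` would make that visible. It is also worth confirming on rollout that Helm can take over the account the removed manifest used to create, since that object presumably carries no Helm ownership metadata. The role the binding refers to is outside the hunks shown.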
@@ -3,7 +3,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: gatus
- namespace: monitoring
 rules:
 - apiGroups: [""]
 resources: ["configmaps", "secrets"]
@@ -13,7 +12,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: gatus
- namespace: monitoring
 roleRef:
 kind: ClusterRole
 name: gatus
diff --git a/kubernetes/apps/monitoring/vector/agent/rbac.yaml b/kubernetes/apps/monitoring/vector/agent/rbac.yaml
index 678d5188f3..5d8a2039f7 100644
--- a/kubernetes/apps/monitoring/vector/agent/rbac.yaml
+++ b/kubernetes/apps/monitoring/vector/agent/rbac.yaml
@@ -3,27 +3,15 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: vector-agent
- labels:
- app.kubernetes.io/instance: vector-agent
- app.kubernetes.io/name: vector-agent
 rules:
- - apiGroups:
- - ""
- resources:
- - namespaces
- - nodes
- - pods
- verbs:
- - list
- - watch
+ - apiGroups: [""]
+ resources: ["namespaces", "nodes", "pods"]
+ verbs: ["list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: vector-agent
- labels:
- app.kubernetes.io/instance: vector-agent
- app.kubernetes.io/name: vector-agent
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
diff --git a/kubernetes/apps/networking/external-dns/app/rbac.yaml b/kubernetes/apps/networking/external-dns/app/rbac.yaml
index 7d355b81a1..9a93460cbf 100644
--- a/kubernetes/apps/networking/external-dns/app/rbac.yaml
+++ b/kubernetes/apps/networking/external-dns/app/rbac.yaml
@@ -3,51 +3,21 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: external-dns
- labels:
- app.kubernetes.io/instance: external-dns
- app.kubernetes.io/name: external-dns
 rules:
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - watch
- - list
- - apiGroups:
- - ""
- resources:
- - services
- - endpoints
- verbs:
- - get
- - watch
- - list
- - apiGroups:
- - extensions
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - get
- - watch
- - list
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list", "watch"]
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups: ["extensions", "networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["get", "watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
- name: external-dns-viewer
- labels:
- app.kubernetes.io/instance: external-dns
- app.kubernetes.io/name: external-dns
+ name: external-dns
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
diff --git a/kubernetes/apps/networking/k8s-gateway/app/rbac.yaml b/kubernetes/apps/networking/k8s-gateway/app/rbac.yaml
index 84718e7616..10f7c2d11f 100644
--- a/kubernetes/apps/networking/k8s-gateway/app/rbac.yaml
+++ b/kubernetes/apps/networking/k8s-gateway/app/rbac.yaml
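Review bot: The rewritten `external-dns` ClusterRole in external-dns/app/rbac.yaml no longer contains the rule for `services` and `endpoints` in the core API group: the old block-style list had four rules and the new flow-style list has three (nodes, pods, ingresses), so this is a permission change inside what otherwise reads as a formatting cleanup. If external-dns is configured with a service source here, which is not visible from this file, its list/watch on Services will be denied and records for them will stop being published. If the drop is deliberate least-privilege tightening, state it in the commit message; otherwise restore `- apiGroups: [""]`, `resources: ["services", "endpoints"]`, `verbs: ["get", "watch", "list"]`. The ingress rule here and in k8s-gateway/app/rbac.yaml also carries over the `extensions` group, which has not served Ingress since Kubernetes 1.22 and can be dropped unless the cluster is older than that. The rename of the binding from `external-dns-viewer` to `external-dns` leaves the old ClusterRoleBinding behind wherever pruning is not enabled, so check that it is removed.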
@@ -3,26 +3,13 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
 name: k8s-gateway
- labels:
- app.kubernetes.io/instance: k8s-gateway
- app.kubernetes.io/name: k8s-gateway
 rules:
- - apiGroups:
- - ""
- resources:
- - services
- - namespaces
- verbs:
- - list
- - watch
- - apiGroups:
- - extensions
- - networking.k8s.io
- resources:
- - ingresses
- verbs:
- - list
- - watch
+ - apiGroups: [""]
+ resources: ["services", "namespaces"]
+ verbs: ["list", "watch"]
+ - apiGroups: ["extensions", "networking.k8s.io"]
+ resources: ["ingresses"]
+ verbs: ["list", "watch"]
 - apiGroups: ["gateway.networking.k8s.io"]
 resources: ["*"]
 verbs: ["watch", "list"]
@@ -37,9 +24,6 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
 name: k8s-gateway
- labels:
- app.kubernetes.io/instance: k8s-gateway
- app.kubernetes.io/name: k8s-gateway
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
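Review bot: The `gateway.networking.k8s.io` rule left as context at the end of the first k8s-gateway hunk still uses `resources: ["*"]`, which grants list/watch on every kind in that group, including any added by later Gateway API releases. Since the neighbouring rules are being rewritten in this commit, this would be the place to replace the wildcard with the specific route and gateway kinds this deployment is configured to serve, so the role stays read-only on a known set. The ClusterRole's rule list continues past the end of the hunk, so any further rules are not visible here.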