Skip to content

Commit

Permalink
fix: update service accounts in app-template charts
Browse files Browse the repository at this point in the history 
Signed-off-by: Devin Buhl <[email protected]>
  • Loading branch information
@onedr0p
onedr0p committed Jan 3, 2024
1 parent bcc13c3 commit fef59b2
Show file tree
Hide file tree
Showing 7 changed files with 10 additions and 86 deletions.
34 changes: 0 additions & 34 deletions kubernetes/main/apps/observability/gatus/app/rbac.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,37 +1,8 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: gatus
labels:
app.kubernetes.io/managed-by: Helm
annotations:
meta.helm.sh/release-name: gatus
meta.helm.sh/release-namespace: observability
secrets:
- name: gatus
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: gatus
labels:
app.kubernetes.io/managed-by: Helm
annotations:
meta.helm.sh/release-name: gatus
meta.helm.sh/release-namespace: observability
kubernetes.io/service-account.name: gatus
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: gatus
labels:
app.kubernetes.io/managed-by: Helm
annotations:
meta.helm.sh/release-name: gatus
meta.helm.sh/release-namespace: observability
rules:
- apiGroups: [""]
resources: ["configmaps", "secrets"]
Expand All @@ -41,11 +12,6 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: gatus
labels:
app.kubernetes.io/managed-by: Helm
annotations:
meta.helm.sh/release-name: gatus
meta.helm.sh/release-namespace: observability
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand Down
12 changes: 3 additions & 9 deletions kubernetes/main/apps/observability/vector/app/agent/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,9 @@ kind: ClusterRole
metadata:
name: vector-agent
rules:
- apiGroups:
- ""
resources:
- namespaces
- nodes
- pods
verbs:
- list
- watch
- apiGroups: [""]
resources: ["namespaces", "nodes", "pods"]
verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand Down
1 change: 1 addition & 0 deletions kubernetes/main/apps/tools/system-upgrade-controller/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ spec:
- {key: node-role.kubernetes.io/control-plane, operator: Exists, effect: NoSchedule}
- {key: node-role.kubernetes.io/etcd, operator: Exists, effect: NoExecute}
serviceAccount:
create: true
name: system-upgrade
service:
main:
Expand Down
18 changes: 1 addition & 17 deletions kubernetes/main/apps/tools/system-upgrade-controller/app/rbac.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,23 +1,7 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: system-upgrade
secrets:
- name: system-upgrade
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: system-upgrade
annotations:
kubernetes.io/service-account.name: system-upgrade
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system-upgrade
name: system-upgrade
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand Down
12 changes: 3 additions & 9 deletions kubernetes/storage/apps/observability/vector/app/agent/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,9 @@ kind: ClusterRole
metadata:
name: vector-agent
rules:
- apiGroups:
- ""
resources:
- namespaces
- nodes
- pods
verbs:
- list
- watch
- apiGroups: [""]
resources: ["namespaces", "nodes", "pods"]
verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand Down
1 change: 1 addition & 0 deletions kubernetes/storage/apps/tools/system-upgrade-controller/app/helmrelease.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ spec:
- {key: node-role.kubernetes.io/control-plane, operator: Exists, effect: NoSchedule}
- {key: node-role.kubernetes.io/etcd, operator: Exists, effect: NoExecute}
serviceAccount:
create: true
name: system-upgrade
service:
main:
Expand Down
18 changes: 1 addition & 17 deletions kubernetes/storage/apps/tools/system-upgrade-controller/app/rbac.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,23 +1,7 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: system-upgrade
secrets:
- name: system-upgrade
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: system-upgrade
annotations:
kubernetes.io/service-account.name: system-upgrade
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: system-upgrade
name: system-upgrade
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand Down

0 comments on commit fef59b2

Please sign in to comment.