From 154aa53340a2cafe76963ad16314a300fc03192d Mon Sep 17 00:00:00 2001 From: petrkotas Date: Fri, 8 Nov 2024 10:54:49 +0000 Subject: [PATCH] on push: make --- ...osd-openshift-operators-redhat.Policy.yaml | 64 +++------ ...naged-cluster-config-integration.yaml.tmpl | 129 ++++++------------ ...anaged-cluster-config-production.yaml.tmpl | 129 ++++++------------ ...osd-managed-cluster-config-stage.yaml.tmpl | 129 ++++++------------ 4 files changed, 143 insertions(+), 308 deletions(-) diff --git a/deploy/acm-policies/50-GENERATED-osd-openshift-operators-redhat.Policy.yaml b/deploy/acm-policies/50-GENERATED-osd-openshift-operators-redhat.Policy.yaml index 7b848e3265..ddc9667bab 100644 --- a/deploy/acm-policies/50-GENERATED-osd-openshift-operators-redhat.Policy.yaml +++ b/deploy/acm-policies/50-GENERATED-osd-openshift-operators-redhat.Policy.yaml @@ -32,66 +32,42 @@ spec: metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: admin-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: admin-dedicated-admins + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: admin-system:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: admin-system:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: openshift-operators-redhat-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: openshift-operators-redhat-dedicated-admins + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: openshift-operators-redhat:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: openshift-operators-redhat:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' + patchType: merge pruneObjectBehavior: DeleteIfCreated remediationAction: enforce severity: low diff --git a/hack/00-osd-managed-cluster-config-integration.yaml.tmpl b/hack/00-osd-managed-cluster-config-integration.yaml.tmpl index 8cf3e650ec..b05481a48f 100644 --- a/hack/00-osd-managed-cluster-config-integration.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-integration.yaml.tmpl @@ -6448,66 +6448,42 @@ objects: metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: admin-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: admin-dedicated-admins + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: admin-system:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: admin-system:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: openshift-operators-redhat-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: openshift-operators-redhat-dedicated-admins + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: openshift-operators-redhat:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: openshift-operators-redhat:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' + patchType: merge pruneObjectBehavior: DeleteIfCreated remediationAction: enforce severity: low @@ -32224,58 +32200,35 @@ objects: kind: Namespace metadata: name: openshift-operators-redhat + patches: - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: admin-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: admin-dedicated-admins + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: admin-system:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: admin-system:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: openshift-operators-redhat-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: openshift-operators-redhat-dedicated-admins + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: openshift-operators-redhat:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: openshift-operators-redhat:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' - apiVersion: hive.openshift.io/v1 kind: SelectorSyncSet metadata: diff --git a/hack/00-osd-managed-cluster-config-production.yaml.tmpl b/hack/00-osd-managed-cluster-config-production.yaml.tmpl index 8cf3e650ec..b05481a48f 100644 --- a/hack/00-osd-managed-cluster-config-production.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-production.yaml.tmpl @@ -6448,66 +6448,42 @@ objects: metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: admin-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: admin-dedicated-admins + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: admin-system:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: admin-system:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: openshift-operators-redhat-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: openshift-operators-redhat-dedicated-admins + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: openshift-operators-redhat:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: openshift-operators-redhat:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' + patchType: merge pruneObjectBehavior: DeleteIfCreated remediationAction: enforce severity: low @@ -32224,58 +32200,35 @@ objects: kind: Namespace metadata: name: openshift-operators-redhat + patches: - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: admin-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: admin-dedicated-admins + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: admin-system:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: admin-system:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: openshift-operators-redhat-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: openshift-operators-redhat-dedicated-admins + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: openshift-operators-redhat:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: openshift-operators-redhat:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' - apiVersion: hive.openshift.io/v1 kind: SelectorSyncSet metadata: diff --git a/hack/00-osd-managed-cluster-config-stage.yaml.tmpl b/hack/00-osd-managed-cluster-config-stage.yaml.tmpl index 8cf3e650ec..b05481a48f 100644 --- a/hack/00-osd-managed-cluster-config-stage.yaml.tmpl +++ b/hack/00-osd-managed-cluster-config-stage.yaml.tmpl @@ -6448,66 +6448,42 @@ objects: metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: admin-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: admin-dedicated-admins + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: admin-system:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: admin-system:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: openshift-operators-redhat-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: openshift-operators-redhat-dedicated-admins + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' + patchType: merge - complianceType: mustonlyhave metadataComplianceType: musthave objectDefinition: apiVersion: rbac.authorization.k8s.io/v1 + applyMode: AlwaysApply kind: RoleBinding - metadata: - name: openshift-operators-redhat:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: openshift-operators-redhat:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' + patchType: merge pruneObjectBehavior: DeleteIfCreated remediationAction: enforce severity: low @@ -32224,58 +32200,35 @@ objects: kind: Namespace metadata: name: openshift-operators-redhat + patches: - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: admin-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: admin-dedicated-admins + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: admin-system:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: admin-system:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"admin"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: openshift-operators-redhat-dedicated-admins - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: dedicated-admins + name: openshift-operators-redhat-dedicated-admins + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"dedicated-admins"}]}' - apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding - metadata: - name: openshift-operators-redhat:serviceaccounts:dedicated-admin - namespace: openshift-operators-redhat - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: dedicated-admins-project - subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: system:serviceaccounts:dedicated-admin + name: openshift-operators-redhat:serviceaccounts:dedicated-admin + namespace: openshift-operators-redhat + applyMode: AlwaysApply + patchType: merge + patch: '{"roleRef":{"apiGroup":"rbac.authorization.k8s.io","kind":"ClusterRole","name":"dedicated-admins-project"},"subjects":[{"apiGroup":"rbac.authorization.k8s.io","kind":"Group","name":"system:serviceaccounts:dedicated-admin"}]}' - apiVersion: hive.openshift.io/v1 kind: SelectorSyncSet metadata: