From cefec6b666fbc23490205cf45a8e4fb763a8f3a1 Mon Sep 17 00:00:00 2001 From: Mathieu Gaubert Date: Fri, 18 Dec 2020 11:17:58 +0100 Subject: [PATCH] fix(dex): change to clusterrole for crd creation --- dex/templates/rbac.yaml | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/dex/templates/rbac.yaml b/dex/templates/rbac.yaml index face00b4..7540e0d6 100644 --- a/dex/templates/rbac.yaml +++ b/dex/templates/rbac.yaml @@ -13,12 +13,42 @@ rules: - apiGroups: ["dex.coreos.com"] resources: ["*"] verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: {{ template "dex.name" . }} + chart: {{ template "dex.chart" . }} + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "dex.fullname" . }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "dex.fullname" . }} +subjects: + - kind: ServiceAccount + name: {{ template "dex.serviceAccountName" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: {{ template "dex.name" . }} + chart: {{ template "dex.chart" . }} + heritage: "{{ .Release.Service }}" + release: "{{ .Release.Name }}" + name: {{ template "dex.fullname" . }} + namespace: {{ .Release.Namespace }} +rules: - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["create"] --- apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding +kind: ClusterRoleBinding metadata: labels: app: {{ template "dex.name" . }} @@ -29,9 +59,10 @@ metadata: namespace: {{ .Release.Namespace }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: Role + kind: ClusterRole name: {{ template "dex.fullname" . }} subjects: - kind: ServiceAccount name: {{ template "dex.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} {{- end -}}