Skip to content

Commit 77add20

Browse files
committed
Change internal-services-manager-role to namespace level
Replace the ClusterRole by a Role and ClusterRoleBinding by a RoleBinding as this is only required in the internal-services namespace. Doing it at the cluster level was granting unnecessary permission to the other namespaces on common clusters. Signed-off-by: Hugo Arès <hares@redhat.com>
1 parent a593a25 commit 77add20

2 files changed

Lines changed: 3 additions & 3 deletions

File tree

components/internal-services/base/rbac/role.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
22
apiVersion: rbac.authorization.k8s.io/v1
3-
kind: ClusterRole
3+
kind: Role
44
metadata:
55
name: internal-services-manager-role
66
rules:

components/internal-services/base/rbac/role_binding.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
apiVersion: rbac.authorization.k8s.io/v1
2-
kind: ClusterRoleBinding
2+
kind: RoleBinding
33
metadata:
44
labels:
55
app.kubernetes.io/name: clusterrolebinding
@@ -11,7 +11,7 @@ metadata:
1111
name: internal-services-manager-rolebinding
1212
roleRef:
1313
apiGroup: rbac.authorization.k8s.io
14-
kind: ClusterRole
14+
kind: Role
1515
name: internal-services-manager-role
1616
subjects:
1717
- kind: ServiceAccount

0 commit comments

Comments
 (0)