From 77add20068f6a6b79cc88b097a1857d887d26b38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20Ar=C3=A8s?=
Date: Thu, 15 Jan 2026 12:53:58 -0500
Subject: [PATCH] Change internal-services-manager-role to namespace level
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace the ClusterRole by a Role and ClusterRoleBinding by a RoleBinding as this is only required in the internal-services namespace. Doing it at the cluster level was granting unnecessary permission to the other namespaces on common clusters.

Signed-off-by: Hugo Arès
---
 components/internal-services/base/rbac/role.yaml | 2 +-
 components/internal-services/base/rbac/role_binding.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/components/internal-services/base/rbac/role.yaml b/components/internal-services/base/rbac/role.yaml
index 74fb32f6..3501b8ba 100644
--- a/components/internal-services/base/rbac/role.yaml
+++ b/components/internal-services/base/rbac/role.yaml
@@ -1,6 +1,6 @@
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
 name: internal-services-manager-role
 rules:
diff --git a/components/internal-services/base/rbac/role_binding.yaml b/components/internal-services/base/rbac/role_binding.yaml
index 41db895a..697ebde3 100644
--- a/components/internal-services/base/rbac/role_binding.yaml
+++ b/components/internal-services/base/rbac/role_binding.yaml
@@ -1,5 +1,5 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
 labels:
 app.kubernetes.io/name: clusterrolebinding
@@ -11,7 +11,7 @@ metadata:
 name: internal-services-manager-rolebinding
 roleRef:
 apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
+ kind: Role
 name: internal-services-manager-role
 subjects:
 - kind: ServiceAccount
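Review bot: The new `kind: Role` in role.yaml is a namespaced object, but the `metadata:` block in this hunk carries only `name:` before `rules:`, so the manifest does not state which namespace it belongs to. If no kustomization outside this diff sets it, the Role is created in whatever namespace the apply uses; adding `namespace: internal-services` under `metadata:`, or confirming the overlay's namespace setting, would make the intended scope explicit. The `rules:` list continues outside the hunk and should be checked for cluster-scoped resources or `nonResourceURLs`, which a Role cannot grant.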
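Review bot: The context line `app.kubernetes.io/name: clusterrolebinding` in the first role_binding.yaml hunk is left unchanged, so the new RoleBinding keeps a label that describes the old kind. Suggest `app.kubernetes.io/name: rolebinding` in the same change, after checking that nothing selects on the old value. The rest of the `metadata:` block lies between the two hunks and is not visible, so whether a `namespace:` is set there should be confirmed as well.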
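Review bot: Changing `roleRef` to `kind: Role`, together with the binding's own kind, creates new namespaced objects but does not remove the ClusterRole and ClusterRoleBinding already applied to existing clusters. The cluster-wide grant this commit intends to withdraw therefore stays in effect unless the deploy tooling prunes resources that are no longer in the manifests. The description should say how the old objects get deleted, and the rollout should be checked with `kubectl get clusterrolebinding internal-services-manager-rolebinding`. The `subjects:` entry continues outside the hunk; its `namespace:` should name the namespace the ServiceAccount actually lives in.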