From 71a483e3d266b2294746ed1813f97c3bd194e625 Mon Sep 17 00:00:00 2001 From: Arvind Iyengar Date: Fri, 27 Jan 2023 11:47:36 -0800 Subject: [PATCH] [rancher-sachet] Move role+rolebinding for PSPs to psp.yaml --- .../rancher-sachet/charts/templates/psp.yaml | 30 +++++++++++++++++++ .../rancher-sachet/charts/templates/role.yaml | 17 ----------- .../charts/templates/rolebinding.yaml | 15 ---------- 3 files changed, 30 insertions(+), 32 deletions(-) delete mode 100644 packages/rancher-alerting/rancher-sachet/charts/templates/role.yaml delete mode 100644 packages/rancher-alerting/rancher-sachet/charts/templates/rolebinding.yaml diff --git a/packages/rancher-alerting/rancher-sachet/charts/templates/psp.yaml b/packages/rancher-alerting/rancher-sachet/charts/templates/psp.yaml index a474a0d32..5d6d60b36 100644 --- a/packages/rancher-alerting/rancher-sachet/charts/templates/psp.yaml +++ b/packages/rancher-alerting/rancher-sachet/charts/templates/psp.yaml @@ -28,4 +28,34 @@ spec: volumes: - 'configMap' - 'secret' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ include "sachet.fullname" . }}-psp + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +rules: + - apiGroups: + - policy + resourceNames: + - {{ include "sachet.fullname" . }}-psp + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ include "sachet.fullname" . }}-psp + namespace: {{ include "sachet.namespace" . }} + labels: {{ include "sachet.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ include "sachet.fullname" . }}-psp +subjects: + - kind: ServiceAccount + name: {{ include "sachet.fullname" . }} {{- end }} diff --git a/packages/rancher-alerting/rancher-sachet/charts/templates/role.yaml b/packages/rancher-alerting/rancher-sachet/charts/templates/role.yaml deleted file mode 100644 index 4b4296cf4..000000000 --- a/packages/rancher-alerting/rancher-sachet/charts/templates/role.yaml +++ /dev/null @@ -1,17 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "sachet.fullname" . }}-psp - namespace: {{ include "sachet.namespace" . }} - labels: {{ include "sachet.labels" . | nindent 4 }} -rules: - - apiGroups: - - policy - resourceNames: - - {{ include "sachet.fullname" . }}-psp - resources: - - podsecuritypolicies - verbs: - - use -{{- end }} diff --git a/packages/rancher-alerting/rancher-sachet/charts/templates/rolebinding.yaml b/packages/rancher-alerting/rancher-sachet/charts/templates/rolebinding.yaml deleted file mode 100644 index 000d7e7bd..000000000 --- a/packages/rancher-alerting/rancher-sachet/charts/templates/rolebinding.yaml +++ /dev/null @@ -1,15 +0,0 @@ -{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "sachet.fullname" . }}-psp - namespace: {{ include "sachet.namespace" . }} - labels: {{ include "sachet.labels" . | nindent 4 }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "sachet.fullname" . }}-psp -subjects: - - kind: ServiceAccount - name: {{ include "sachet.fullname" . }} -{{- end }}