Skip to content

Commit

Permalink
feat: correct rbac for running in cluster
Browse files Browse the repository at this point in the history
  • Loading branch information
knechtionscoding committed Apr 5, 2023
1 parent 35bb4f8 commit 54ccd8d
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 14 deletions.
4 changes: 2 additions & 2 deletions charts/ecr-cleanup/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,10 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.2.9
version: 0.2.10

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.2.9"
appVersion: "0.2.10"
2 changes: 1 addition & 1 deletion charts/ecr-cleanup/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ Deploys a job that cleans up an ECR repo based on the following rules.
3. Has the container been tagged with the word `keep`
4. Is the container the only tag in the ECR repository

![Version: 0.2.9](https://img.shields.io/badge/Version-0.2.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.9](https://img.shields.io/badge/AppVersion-0.2.9-informational?style=flat-square)
![Version: 0.2.10](https://img.shields.io/badge/Version-0.2.10-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.2.10](https://img.shields.io/badge/AppVersion-0.2.10-informational?style=flat-square)

## Values

Expand Down
22 changes: 11 additions & 11 deletions charts/ecr-cleanup/templates/rbac.yaml
Original file line number Diff line number Diff line change
@@ -1,29 +1,29 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
kind: ClusterRole
metadata:
namespace: {{ .Release.Namespace }}
name: {{ .Values.serviceAccount.name }}
rules:
- apiGroups: ["v1"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "watch", "list"]
- apiGroups: ["apps/v1"]
resources: ["daemonsets ","deployments","statefulsets"]
- apiGroups: ["apps"]
resources: ["daemonsets","deployments","statefulsets"]
verbs: ["get", "watch", "list"]
- apiGroups: ["batch/v1"]
- apiGroups: ["batch"]
resources: ["jobs","cronjobs"]
verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
# This cluster role binding allows anyone in the "manager" group to
# read secrets in any namespace.
kind: ClusterRoleBinding
metadata:
name: {{ .Values.serviceAccount.name }}
namespace: {{.Release.Namespace}}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
kind: ClusterRole
name: {{ .Values.serviceAccount.name }}
subjects:
- namespace: {{.Release.Namespace}}
kind: ServiceAccount
- kind: ServiceAccount
name: {{ .Values.serviceAccount.name }}
namespace: {{.Release.Namespace}}

0 comments on commit 54ccd8d

Please sign in to comment.