
Commit d2aff6e

committed
Use Role instead of ClusterRole for on-prem services
1 parent d42572e commit d2aff6e


1 file changed

+45
-5
lines changed


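--- a/install/0000_80_machine-config_03_rbac.yaml
+++ b/install/0000_80_machine-config_03_rbac.yaml
@@ -78,9 +78,49 @@ subjects:
 # Because host networking components right now only run on on-prem platforms, we create RoleBinding
 # explicitly only in namespaces for OpenStack, BareMetal, vSphere and Nutanix.
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
 name: host-networking-services
+namespace: openshift-openstack-infra
+annotations:
+include.release.openshift.io/self-managed-high-availability: "true"
+include.release.openshift.io/single-node-developer: "true"
+rules:
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: host-networking-services
+namespace: openshift-kni-infra
+annotations:
+include.release.openshift.io/self-managed-high-availability: "true"
+include.release.openshift.io/single-node-developer: "true"
+rules:
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: host-networking-services
+namespace: openshift-vsphere-infra
+annotations:
+include.release.openshift.io/self-managed-high-availability: "true"
+include.release.openshift.io/single-node-developer: "true"
+rules:
+- apiGroups: [""]
+resources: ["configmaps"]
+verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+name: host-networking-services
+namespace: openshift-nutanix-infra
 annotations:
 include.release.openshift.io/self-managed-high-availability: "true"
 include.release.openshift.io/single-node-developer: "true"
@@ -102,7 +142,7 @@ subjects:
 kind: Group
 name: system:nodes
 roleRef:
-kind: ClusterRole
+kind: Role
 name: host-networking-services
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -118,7 +158,7 @@ subjects:
 kind: Group
 name: system:nodes
 roleRef:
-kind: ClusterRole
+kind: Role
 name: host-networking-services
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -134,7 +174,7 @@ subjects:
 kind: Group
 name: system:nodes
 roleRef:
-kind: ClusterRole
+kind: Role
 name: host-networking-services
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -150,5 +190,5 @@ subjects:
 kind: Group
 name: system:nodes
 roleRef:
-kind: ClusterRole
+kind: Role
 name: host-networking-services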
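Review bot: The four `roleRef` edits from `kind: ClusterRole` to `kind: Role` (new lines 145, 161, 177 and 193) change a field that Kubernetes treats as immutable on an existing RoleBinding. On a cluster upgraded from the previous manifest, an in-place update would be rejected unless the applier deletes and recreates the binding, so that path is worth covering with an upgrade test. A `Role` reference is also resolved only in the binding's own namespace, and the bindings' `metadata.namespace` lines fall outside these hunks, so confirm that each binding sits in one of the four namespaces that now define the Role. A comment above the first Role would record this, for example `# Role is namespaced: each RoleBinding below must live in the same namespace as the Role it references.` Nothing visible here removes the old cluster-scoped `host-networking-services` ClusterRole, so it presumably remains on upgraded clusters; consider whether it needs an explicit deletion manifest.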
