From 478a18a6a7353bdad6c0b24f2eb0ee9e51efa778 Mon Sep 17 00:00:00 2001
From: ArthurSens <arthursens2005@gmail.com>
Date: Fri, 12 Mar 2021 21:14:39 +0000
Subject: [PATCH] Turn alertmanager's and grafana's roles into clusterRoles
Signed-off-by: ArthurSens <arthursens2005@gmail.com>
---
.../addons/podsecuritypolicies.libsonnet | 20 +++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
index 46493c55..888d553e 100644
--- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
+++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
@@ -54,9 +54,9 @@ local restrictedPodSecurityPolicy = {
restrictedPodSecurityPolicy: restrictedPodSecurityPolicy,
alertmanager+: {
- role: {
+ clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
- kind: 'Role',
+ kind: 'ClusterRole',
metadata: {
name: 'alertmanager-' + $.values.alertmanager.name,
},
@@ -68,15 +68,15 @@ local restrictedPodSecurityPolicy = {
}],
},
- roleBinding: {
+ clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
- kind: 'RoleBinding',
+ kind: 'ClusterRoleBinding',
metadata: {
name: 'alertmanager-' + $.values.alertmanager.name,
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
- kind: 'Role',
+ kind: 'ClusterRole',
name: 'alertmanager-' + $.values.alertmanager.name,
},
subjects: [{
@@ -121,9 +121,9 @@ local restrictedPodSecurityPolicy = {
},
grafana+: {
- role: {
+ clusterRole: {
apiVersion: 'rbac.authorization.k8s.io/v1',
- kind: 'Role',
+ kind: 'ClusterRole',
metadata: {
name: 'grafana',
},
@@ -135,15 +135,15 @@ local restrictedPodSecurityPolicy = {
}],
},
- roleBinding: {
+ clusterRoleBinding: {
apiVersion: 'rbac.authorization.k8s.io/v1',
- kind: 'RoleBinding',
+ kind: 'ClusterRoleBinding',
metadata: {
name: 'grafana',
},
roleRef: {
apiGroup: 'rbac.authorization.k8s.io',
- kind: 'Role',
+ kind: 'ClusterRole',
name: 'grafana',
},
subjects: [{
--
GitLab