From c9b52c97f5b5c61981a9ff1741bdb23e99e5c86e Mon Sep 17 00:00:00 2001
From: ArthurSens <arthursens2005@gmail.com>
Date: Thu, 25 Mar 2021 20:59:49 +0000
Subject: [PATCH] PodSecurityPolicy uses role instead of clusterRole where
 posible

Signed-off-by: ArthurSens <arthursens2005@gmail.com>
---
 .../addons/podsecuritypolicies.libsonnet      | 22 +++++++++----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
index 65908f8c..62825d7e 100644
--- a/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
+++ b/jsonnet/kube-prometheus/addons/podsecuritypolicies.libsonnet
@@ -2,7 +2,7 @@ local restrictedPodSecurityPolicy = {
   apiVersion: 'policy/v1beta1',
   kind: 'PodSecurityPolicy',
   metadata: {
-    name: 'restricted',
+    name: 'kube-prometheus-restricted',
   },
   spec: {
     privileged: false,
@@ -54,9 +54,9 @@ local restrictedPodSecurityPolicy = {
   restrictedPodSecurityPolicy: restrictedPodSecurityPolicy,
 
   alertmanager+: {
-    clusterRole: {
+    role: {
       apiVersion: 'rbac.authorization.k8s.io/v1',
-      kind: 'ClusterRole',
+      kind: 'Role',
       metadata: {
         name: 'alertmanager-' + $.values.alertmanager.name,
       },
@@ -68,15 +68,15 @@ local restrictedPodSecurityPolicy = {
       }],
     },
 
-    clusterRoleBinding: {
+    roleBinding: {
       apiVersion: 'rbac.authorization.k8s.io/v1',
-      kind: 'ClusterRoleBinding',
+      kind: 'RoleBinding',
       metadata: {
         name: 'alertmanager-' + $.values.alertmanager.name,
       },
       roleRef: {
         apiGroup: 'rbac.authorization.k8s.io',
-        kind: 'ClusterRole',
+        kind: 'Role',
         name: 'alertmanager-' + $.values.alertmanager.name,
       },
       subjects: [{
@@ -121,9 +121,9 @@ local restrictedPodSecurityPolicy = {
   },
 
   grafana+: {
-    clusterRole: {
+    role: {
       apiVersion: 'rbac.authorization.k8s.io/v1',
-      kind: 'ClusterRole',
+      kind: 'Role',
       metadata: {
         name: 'grafana',
       },
@@ -135,15 +135,15 @@ local restrictedPodSecurityPolicy = {
       }],
     },
 
-    clusterRoleBinding: {
+    roleBinding: {
       apiVersion: 'rbac.authorization.k8s.io/v1',
-      kind: 'ClusterRoleBinding',
+      kind: 'RoleBinding',
       metadata: {
         name: 'grafana',
       },
       roleRef: {
         apiGroup: 'rbac.authorization.k8s.io',
-        kind: 'ClusterRole',
+        kind: 'Role',
         name: 'grafana',
       },
       subjects: [{
-- 
GitLab