From fc11c1731fec27414998747af8bc5fb4574941e8 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Thu, 13 Oct 2022 03:24:22 +0200
Subject: [PATCH] refactor(apps): Unify flux-reconciler service account
This patch renames a bunch of service accounts and role bindings, that
were previously individual to the namespace, now using `flux-reconciler`
everywhere with idential permissions.
Further adjustments needed to make it a shared resource, currently the
requirement to have the namespace in the rolebinding makes this hard.
Have to investigate.
---
apps/base/forecastle/namespace.yaml | 6 +++---
apps/base/gitlab-runner/namespace.yaml | 6 +++---
apps/base/gitlab-runner/release.yaml | 2 +-
apps/base/keycloak/namespace.yaml | 6 +++---
apps/base/keycloak/release.yaml | 2 +-
apps/base/matrix/namespace.yaml | 6 +++---
apps/base/matrix/release.yaml | 2 +-
apps/base/nextcloud/namespace.yaml | 6 +++---
apps/base/nextcloud/release.yaml | 2 +-
9 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/apps/base/forecastle/namespace.yaml b/apps/base/forecastle/namespace.yaml
index 696c5807c..b7c41132d 100644
--- a/apps/base/forecastle/namespace.yaml
+++ b/apps/base/forecastle/namespace.yaml
@@ -13,13 +13,13 @@ metadata:
apiVersion: v1
kind: ServiceAccount
metadata:
- name: forecastle-reconciler
+ name: flux-reconciler
namespace: forecastle
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
- name: forecastle-reconciler
+ name: flux-reconciler
namespace: forecastle
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -27,5 +27,5 @@ roleRef:
name: admin
subjects:
- kind: ServiceAccount
- name: forecastle-reconciler
+ name: flux-reconciler
namespace: forecastle
diff --git a/apps/base/gitlab-runner/namespace.yaml b/apps/base/gitlab-runner/namespace.yaml
index 17914e5da..a0ad4cacd 100644
--- a/apps/base/gitlab-runner/namespace.yaml
+++ b/apps/base/gitlab-runner/namespace.yaml
@@ -8,13 +8,13 @@ metadata:
apiVersion: v1
kind: ServiceAccount
metadata:
- name: gitlab-runner-reconciler
+ name: flux-reconciler
namespace: gitlab-runner
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
- name: gitlab-runner-reconciler
+ name: flux-reconciler
namespace: gitlab-runner
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -22,5 +22,5 @@ roleRef:
name: admin
subjects:
- kind: ServiceAccount
- name: gitlab-runner-reconciler
+ name: flux-reconciler
namespace: gitlab-runner
diff --git a/apps/base/gitlab-runner/release.yaml b/apps/base/gitlab-runner/release.yaml
index bff255997..58873e29b 100644
--- a/apps/base/gitlab-runner/release.yaml
+++ b/apps/base/gitlab-runner/release.yaml
@@ -4,7 +4,7 @@ metadata:
name: gitlab-runner
namespace: gitlab-runner
spec:
- serviceAccountName: gitlab-runner-reconciler
+ serviceAccountName: flux-reconciler
timeout: 15m
releaseName: gitlab-runner
chart:
diff --git a/apps/base/keycloak/namespace.yaml b/apps/base/keycloak/namespace.yaml
index 1384e40e4..cd23ac328 100644
--- a/apps/base/keycloak/namespace.yaml
+++ b/apps/base/keycloak/namespace.yaml
@@ -6,13 +6,13 @@ metadata:
apiVersion: v1
kind: ServiceAccount
metadata:
- name: keycloak-reconciler
+ name: flux-reconciler
namespace: keycloak
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
- name: keycloak-reconciler
+ name: flux-reconciler
namespace: keycloak
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -20,5 +20,5 @@ roleRef:
name: admin
subjects:
- kind: ServiceAccount
- name: keycloak-reconciler
+ name: flux-reconciler
namespace: keycloak
diff --git a/apps/base/keycloak/release.yaml b/apps/base/keycloak/release.yaml
index 47dde8682..4a587dc1c 100644
--- a/apps/base/keycloak/release.yaml
+++ b/apps/base/keycloak/release.yaml
@@ -4,7 +4,7 @@ metadata:
name: keycloak
namespace: keycloak
spec:
- serviceAccountName: keycloak-reconciler
+ serviceAccountName: flux-reconciler
releaseName: keycloak
chart:
spec:
diff --git a/apps/base/matrix/namespace.yaml b/apps/base/matrix/namespace.yaml
index a04bf7faf..835044fb4 100644
--- a/apps/base/matrix/namespace.yaml
+++ b/apps/base/matrix/namespace.yaml
@@ -8,13 +8,13 @@ metadata:
apiVersion: v1
kind: ServiceAccount
metadata:
- name: matrix-reconciler
+ name: flux-reconciler
namespace: matrix
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
- name: matrix-reconciler
+ name: flux-reconciler
namespace: matrix
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -22,5 +22,5 @@ roleRef:
name: admin
subjects:
- kind: ServiceAccount
- name: matrix-reconciler
+ name: flux-reconciler
namespace: matrix
diff --git a/apps/base/matrix/release.yaml b/apps/base/matrix/release.yaml
index b8ed5ea33..397cb46d4 100644
--- a/apps/base/matrix/release.yaml
+++ b/apps/base/matrix/release.yaml
@@ -4,7 +4,7 @@ metadata:
name: matrix-synapse
namespace: matrix
spec:
- serviceAccountName: matrix-reconciler
+ serviceAccountName: flux-reconciler
timeout: 15m
releaseName: matrix-synapse
chart:
diff --git a/apps/base/nextcloud/namespace.yaml b/apps/base/nextcloud/namespace.yaml
index 63ffbfca3..78e9fd1cb 100644
--- a/apps/base/nextcloud/namespace.yaml
+++ b/apps/base/nextcloud/namespace.yaml
@@ -8,13 +8,13 @@ metadata:
apiVersion: v1
kind: ServiceAccount
metadata:
- name: nextcloud-reconciler
+ name: flux-reconciler
namespace: nextcloud
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
- name: nextcloud-reconciler
+ name: flux-reconciler
namespace: nextcloud
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -22,5 +22,5 @@ roleRef:
name: admin
subjects:
- kind: ServiceAccount
- name: nextcloud-reconciler
+ name: flux-reconciler
namespace: nextcloud
diff --git a/apps/base/nextcloud/release.yaml b/apps/base/nextcloud/release.yaml
index dcd83f581..06b40cf6f 100644
--- a/apps/base/nextcloud/release.yaml
+++ b/apps/base/nextcloud/release.yaml
@@ -4,7 +4,7 @@ metadata:
name: nextcloud
namespace: nextcloud
spec:
- serviceAccountName: nextcloud-reconciler
+ serviceAccountName: flux-reconciler
timeout: 5m
releaseName: nextcloud
chart:
--
GitLab