Gitiles
Code Review Sign In
code.v1.dodo.cloud / pcloud / 9eacb1aa9c0779fbd1687d0ebb377ec5a141f3cc^! / . / charts / flux-bootstrap / templates
commit9eacb1aa9c0779fbd1687d0ebb377ec5a141f3cc[log] [tgz]
authorgiolekva <giolekva@gmail.com>Sat May 21 13:57:19 2022 +0400
committergiolekva <giolekva@gmail.com>Sat May 21 13:57:19 2022 +0400
tree0a683d3b88e466b1c155719173bf10224cf293a2
parent875548da4bbb7a1fc0bbdb74e0d8ffd3359457ad [diff]
bootstrap: fix service account permission issues

diff --git a/charts/flux-bootstrap/templates/fluxcd.yaml b/charts/flux-bootstrap/templates/fluxcd.yaml
index dfbc851..ddd389c 100644
--- a/charts/flux-bootstrap/templates/fluxcd.yaml
+++ b/charts/flux-bootstrap/templates/fluxcd.yaml

@@ -32,5 +32,7 @@
         "--path={{ .Values.repository.path }}",
         "--private-key-file=/access-keys/private.key",
         "--ssh-key-algorithm=ed25519",
+        "--silent",
+        "--watch-all-namespaces",
         "--verbose"]
       restartPolicy: Never

diff --git a/charts/flux-bootstrap/templates/service-account.yaml b/charts/flux-bootstrap/templates/service-account.yaml
index 2092b3c..f8567e9 100644
--- a/charts/flux-bootstrap/templates/service-account.yaml
+++ b/charts/flux-bootstrap/templates/service-account.yaml

@@ -1,33 +1,12 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: patch-customresourcedefinitions
+  name: pcloud-flux-role
   namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups: ["apiextensions.k8s.io"]
     resources: ["customresourcedefinitions"]
     verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: flux-patch-customresourcedefinitions
-  namespace: {{ .Release.Namespace }}
-subjects:
-  - kind: ServiceAccount
-    name: default
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: patch-customresourcedefinitions
-  apiGroup: rbac.authorization.k8s.io
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: create-flux-resources
-  namespace: {{ .Release.Namespace }}
-rules:
   - apiGroups: [""]
     resources: ["*"]
     verbs: ["*"]
@@ -40,11 +19,17 @@
   - apiGroups: ["networking.k8s.io"]
     resources: ["*"]
     verbs: ["*"]
+  - apiGroups: ["kustomize.toolkit.fluxcd.io"]
+    resources: ["*"]
+    verbs: ["*"]
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources: ["*"]
+    verbs: ["*"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: flux-create-flux-resources
+  name: pcloud-flux-rolebinding
   namespace: {{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
@@ -52,5 +37,5 @@
     namespace: {{ .Release.Namespace }}
 roleRef:
   kind: ClusterRole
-  name: create-flux-resources
+  name: pcloud-flux-role
   apiGroup: rbac.authorization.k8s.io