bootstrap: fix service account permission issues
diff --git a/charts/flux-bootstrap/templates/fluxcd.yaml b/charts/flux-bootstrap/templates/fluxcd.yaml
index dfbc851..ddd389c 100644
--- a/charts/flux-bootstrap/templates/fluxcd.yaml
+++ b/charts/flux-bootstrap/templates/fluxcd.yaml
@@ -32,5 +32,7 @@
"--path={{ .Values.repository.path }}",
"--private-key-file=/access-keys/private.key",
"--ssh-key-algorithm=ed25519",
+ "--silent",
+ "--watch-all-namespaces",
"--verbose"]
restartPolicy: Never
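Review bot: `--watch-all-namespaces` is hard-coded in the argument list while the neighbouring `--path` comes from `.Values`, so an operator who wants the controllers confined to the install namespace cannot turn it off. With cluster-wide watching, a Flux custom resource created in any namespace is reconciled, which matters on shared clusters where tenants can create objects in their own namespaces. Consider templating it, e.g. `"--watch-all-namespaces={{ .Values.watchAllNamespaces }}",` (the value key is a suggested name, not one the chart is shown to define), and adding a comment on `--silent` saying which confirmation it skips. The argument list starts above this hunk, so the subcommand these flags are passed to is not visible here.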
diff --git a/charts/flux-bootstrap/templates/service-account.yaml b/charts/flux-bootstrap/templates/service-account.yaml
index 2092b3c..f8567e9 100644
--- a/charts/flux-bootstrap/templates/service-account.yaml
+++ b/charts/flux-bootstrap/templates/service-account.yaml
@@ -1,33 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
- name: patch-customresourcedefinitions
+ name: pcloud-flux-role
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["*"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: flux-patch-customresourcedefinitions
- namespace: {{ .Release.Namespace }}
-subjects:
- - kind: ServiceAccount
- name: default
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: patch-customresourcedefinitions
- apiGroup: rbac.authorization.k8s.io
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: create-flux-resources
- namespace: {{ .Release.Namespace }}
-rules:
- apiGroups: [""]
resources: ["*"]
verbs: ["*"]
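Review bot: The merged ClusterRole `pcloud-flux-role` now carries both the CRD rule and the `apiGroups: [""]` / `resources: ["*"]` / `verbs: ["*"]` rule, which through a ClusterRoleBinding grants read and write on every core resource in every namespace, Secrets included. The rules added in the next hunk for `kustomize.toolkit.fluxcd.io` and `source.toolkit.fluxcd.io` follow the same all-wildcard pattern. If the job only needs to create and patch the Flux install, list the resources and verbs it actually uses. Failing that, add a comment above `rules:` recording why the wildcards are required, e.g. `# bootstrap job applies the full Flux install manifest; wildcards kept until the needed set is enumerated`. The rule list continues outside this hunk.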
@@ -40,11 +19,17 @@
- apiGroups: ["networking.k8s.io"]
resources: ["*"]
verbs: ["*"]
+ - apiGroups: ["kustomize.toolkit.fluxcd.io"]
+ resources: ["*"]
+ verbs: ["*"]
+ - apiGroups: ["source.toolkit.fluxcd.io"]
+ resources: ["*"]
+ verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
- name: flux-create-flux-resources
+ name: pcloud-flux-rolebinding
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
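Review bot: `pcloud-flux-role` and `pcloud-flux-rolebinding` are fixed names on cluster-scoped objects, so a second release of this chart in another namespace would collide with the first. The `namespace:` field under `metadata` has no effect on a ClusterRole or ClusterRoleBinding and suggests a scoping that does not exist. Prefixing with the release, e.g. `name: {{ .Release.Name }}-flux-role` (with the matching `roleRef`), and dropping the `namespace:` lines would make the scope explicit; the same applies to the ClusterRole metadata in the previous hunk. The subject's name falls between this hunk and the next, so it is not visible here. If it is still the `default` service account, as in the removed binding, every pod in the release namespace that does not set its own service account inherits this role, and a dedicated service account for the bootstrap job would be safer.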
@@ -52,5 +37,5 @@
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
- name: create-flux-resources
+ name: pcloud-flux-role
apiGroup: rbac.authorization.k8s.io