From f748114dfa6633a921b2f89df42215c88e71bdce Mon Sep 17 00:00:00 2001 From: Edvin Norling Date: Wed, 16 Jun 2021 13:56:43 +0200 Subject: [PATCH] Remove resourceNames in integration secrets * Solves #1524 * We remove resourceName due to the following: Note: You cannot restrict create or deletecollection requests by resourceName. For create, this limitation is because the object name is not known at authorization time. * Fix typo in azure-registry cronjob Signed-off-by: Edvin Norling --- .../integrations/eventhub-credentials-sync/_base/sync.yaml | 4 ++-- .../integrations/registry-credentials-sync/_base/sync.yaml | 4 ++-- .../registry-credentials-sync/_cronjobs/_base/sync.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/integrations/eventhub-credentials-sync/_base/sync.yaml b/manifests/integrations/eventhub-credentials-sync/_base/sync.yaml index 409db4fd..80d89a0d 100644 --- a/manifests/integrations/eventhub-credentials-sync/_base/sync.yaml +++ b/manifests/integrations/eventhub-credentials-sync/_base/sync.yaml @@ -110,8 +110,8 @@ rules: - update - patch # Lock this down to the specific Secret name (Optional) - resourceNames: - - $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml + #resourceNames: + # - $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/manifests/integrations/registry-credentials-sync/_base/sync.yaml b/manifests/integrations/registry-credentials-sync/_base/sync.yaml index 7ad7222e..f827c2aa 100644 --- a/manifests/integrations/registry-credentials-sync/_base/sync.yaml +++ b/manifests/integrations/registry-credentials-sync/_base/sync.yaml @@ -102,8 +102,8 @@ rules: - update - patch # # Lock this down to the specific Secret name (Optional) - resourceNames: - - $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml + #resourceNames: + #- $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 diff --git a/manifests/integrations/registry-credentials-sync/_cronjobs/_base/sync.yaml b/manifests/integrations/registry-credentials-sync/_cronjobs/_base/sync.yaml index 17ed5a19..2fcc3a2a 100644 --- a/manifests/integrations/registry-credentials-sync/_cronjobs/_base/sync.yaml +++ b/manifests/integrations/registry-credentials-sync/_cronjobs/_base/sync.yaml @@ -49,7 +49,7 @@ spec: apply-secret() { /kbin/kubectl create secret docker-registry "${1}" \ - --docker-passwrod="${2}" \ + --docker-password="${2}" \ --docker-username="${3}" \ --docker-server="${4}" \ --dry-run=client -o=yaml \