manifests: add cluster reconciler RBAC and SA

manifests/bases/kustomize-controller/cluster_role.yaml

@@ -1,13 +1,8 @@
-apiVersion: rbac.authorization.k8s.io/v1
+apiVersion: v1
-kind: ClusterRole
+kind: ServiceAccount
 metadata:
   name: cluster-reconciler
-rules:
+  namespace: system
-  - apiGroups: ['*']
-    resources: ['*']
-    verbs: ['*']
-  - nonResourceURLs: ['*']
-    verbs: ['*']
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -16,8 +11,8 @@ metadata:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: cluster-reconciler
+  name: cluster-admin
 subjects:
   - kind: ServiceAccount
-    name: default
+    name: cluster-reconciler
     namespace: system

manifests/bases/kustomize-controller/kustomization.yaml

@@ -1,5 +1,8 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-- github.com/fluxcd/kustomize-controller/config//crd?ref=v0.0.1-alpha.5
+- github.com/fluxcd/kustomize-controller/config//crd?ref=v0.0.1-alpha.6
-- github.com/fluxcd/kustomize-controller/config//manager?ref=v0.0.1-alpha.5
+- github.com/fluxcd/kustomize-controller/config//manager?ref=v0.0.1-alpha.6
+- cluster_role.yaml
+patchesStrategicMerge:
+- patch.yaml

manifests/bases/kustomize-controller/patch.yaml

@@ -0,0 +1,8 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kustomize-controller
+spec:
+  template:
+    spec:
+      serviceAccountName: cluster-reconciler

manifests/rbac/kustomization.yaml

@@ -1,5 +1,4 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
-  - cluster_role.yaml
   - role.yaml