Remove resourceNames in integration secrets

* Solves #1524
* We remove resourceName due to the following:
  Note: You cannot restrict create or deletecollection requests by resourceName.
  For create, this limitation is because the object name is not known at authorization time.
* Fix typo in azure-registry cronjob
Signed-off-by: Edvin Norling <edvin.norling@xenit.se>
pull/1528/head
Edvin Norling 4 years ago
parent 5de83f015a
commit f748114dfa

@ -110,8 +110,8 @@ rules:
- update - update
- patch - patch
# Lock this down to the specific Secret name (Optional) # Lock this down to the specific Secret name (Optional)
resourceNames: #resourceNames:
- $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml # - $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml
--- ---
kind: RoleBinding kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1

@ -102,8 +102,8 @@ rules:
- update - update
- patch - patch
# # Lock this down to the specific Secret name (Optional) # # Lock this down to the specific Secret name (Optional)
resourceNames: #resourceNames:
- $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml #- $(KUBE_SECRET) # templated from kustomize vars referencing ConfigMap, also see kustomizeconfig.yaml
--- ---
kind: RoleBinding kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1

@ -49,7 +49,7 @@ spec:
apply-secret() { apply-secret() {
/kbin/kubectl create secret docker-registry "${1}" \ /kbin/kubectl create secret docker-registry "${1}" \
--docker-passwrod="${2}" \ --docker-password="${2}" \
--docker-username="${3}" \ --docker-username="${3}" \
--docker-server="${4}" \ --docker-server="${4}" \
--dry-run=client -o=yaml \ --dry-run=client -o=yaml \

Loading…
Cancel
Save