Fix tenant service account binding
Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
This commit is contained in:
Stefan Prodan
@@ -56,7 +56,6 @@ reconcilers scope to the tenant namespaces.`,
|
|||||||
|
|
||||||
const (
|
const (
|
||||||
tenantLabel = "toolkit.fluxcd.io/tenant"
|
tenantLabel = "toolkit.fluxcd.io/tenant"
|
||||||
tenantRoleBinding = "gotk-reconciler"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@@ -123,18 +122,20 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
|
|||||||
|
|
||||||
roleBinding := rbacv1.RoleBinding{
|
roleBinding := rbacv1.RoleBinding{
|
||||||
ObjectMeta: metav1.ObjectMeta{
|
ObjectMeta: metav1.ObjectMeta{
|
||||||
Name: tenantRoleBinding,
|
Name: fmt.Sprintf("%s-reconciler", tenant),
|
||||||
Namespace: ns,
|
Namespace: ns,
|
||||||
Labels: objLabels,
|
Labels: objLabels,
|
||||||
},
|
},
|
||||||
Subjects: []rbacv1.Subject{
|
Subjects: []rbacv1.Subject{
|
||||||
{
|
{
|
||||||
|
APIGroup: "rbac.authorization.k8s.io",
|
||||||
Kind: "User",
|
Kind: "User",
|
||||||
Name: fmt.Sprintf("gotk:%s:reconciler", ns),
|
Name: fmt.Sprintf("gotk:%s:reconciler", ns),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
Kind: "ServiceAccount",
|
Kind: "ServiceAccount",
|
||||||
Name: tenant,
|
Name: tenant,
|
||||||
|
Namespace: ns,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
RoleRef: rbacv1.RoleRef{
|
RoleRef: rbacv1.RoleRef{
|
||||||
@@ -290,7 +291,7 @@ func exportTenant(namespace corev1.Namespace, account corev1.ServiceAccount, rol
|
|||||||
fmt.Println(resourceToString(data))
|
fmt.Println(resourceToString(data))
|
||||||
|
|
||||||
account.TypeMeta = metav1.TypeMeta{
|
account.TypeMeta = metav1.TypeMeta{
|
||||||
APIVersion: "",
|
APIVersion: "v1",
|
||||||
Kind: "ServiceAccount",
|
Kind: "ServiceAccount",
|
||||||
}
|
}
|
||||||
data, err = yaml.Marshal(account)
|
data, err = yaml.Marshal(account)
|
||||||
|
|||||||
Reference in New Issue
Block a user