feat: use regular k8s rbac role as no need for clusterrole

* make k8s yaml manifests readable
* resolve issue #47

samples/Definitions/Client-ServiceAccount.yaml

@@ -1,33 +1,31 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-    name: orleansclient
-    namespace: kubetest
+  name: orleansclient
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-    name: orleansclient
+  name: orleansclient
 rules:
-    - apiGroups:
-          - orleans.dot.net
-      resources:
-          - silos
-          - clusterversions
-      verbs:
-          - get
-          - list
-          - watch
+- apiGroups:
+    - orleans.dot.net
+  resources:
+    - silos
+    - clusterversions
+  verbs:
+    - get
+    - list
+    - watch
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
-    name: orleansclient
+  name: orleansclient
 roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: ClusterRole
-    name: orleansclient
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: orleansclient
 subjects:
-    - kind: ServiceAccount
-      name: orleansclient
-      namespace: kubetest
+- kind: ServiceAccount
+  name: orleansclient

samples/Definitions/Client.yaml

@@ -1,21 +1,21 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-    name: orleans-client
-    labels:
-        app: kubeclient
+  name: orleans-client
+  labels:
+    app: kubeclient
 spec:
-    replicas: 1
-    selector:
-        matchLabels:
-            app: kubeclient
-    template:
-        metadata:
-            labels:
-                app: kubeclient
-        spec:
-            serviceAccountName: orleansclient
-            containers:
-                - name: orleansclient
-                  image: kubeclient:latest
-                  imagePullPolicy: Never
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kubeclient
+  template:
+    metadata:
+      labels:
+        app: kubeclient
+    spec:
+      serviceAccountName: orleansclient
+      containers:
+        - name: orleansclient
+          image: kubeclient:latest
+          imagePullPolicy: Never

samples/Definitions/Gateway.yaml

@@ -1,21 +1,21 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-    name: orleans-gateway
-    labels:
-        app: kubegateway
+  name: orleans-gateway
+  labels:
+    app: kubegateway
 spec:
-    replicas: 2
-    selector:
-        matchLabels:
-            app: kubegateway
-    template:
-        metadata:
-            labels:
-                app: kubegateway
-        spec:
-            serviceAccountName: orleanssilo
-            containers:
-                - name: orleanssilo
-                  image: kubegateway:latest
-                  imagePullPolicy: Never
+  replicas: 2
+  selector:
+    matchLabels:
+      app: kubegateway
+  template:
+    metadata:
+      labels:
+        app: kubegateway
+    spec:
+      serviceAccountName: orleanssilo
+      containers:
+        - name: orleanssilo
+          image: kubegateway:latest
+          imagePullPolicy: Never

samples/Definitions/Silo-ServiceAccount.yaml

@@ -1,37 +1,35 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-    name: orleanssilo
-    namespace: kubetest
+  name: orleanssilo
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-    name: orleanssilo
+  name: orleanssilo
 rules:
-    - apiGroups:
-          - orleans.dot.net
-      resources:
-          - silos
-          - clusterversions
-      verbs:
-          - get
-          - list
-          - watch
-          - create
-          - update
-          - patch
-          - delete
+- apiGroups:
+    - orleans.dot.net
+  resources:
+    - silos
+    - clusterversions
+  verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - patch
+    - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
-    name: orleanssilo
+  name: orleanssilo
 roleRef:
-    apiGroup: rbac.authorization.k8s.io
-    kind: ClusterRole
-    name: orleanssilo
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: orleanssilo
 subjects:
-    - kind: ServiceAccount
-      name: orleanssilo
-      namespace: kubetest
+- kind: ServiceAccount
+  name: orleanssilo

samples/Definitions/Silo.yaml

@@ -1,21 +1,21 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-    name: orleans-silo
-    labels:
-        app: kubesilo
+  name: orleans-silo
+  labels:
+    app: kubesilo
 spec:
-    replicas: 1
-    selector:
-        matchLabels:
-            app: kubesilo
-    template:
-        metadata:
-            labels:
-                app: kubesilo
-        spec:
-            serviceAccountName: orleanssilo
-            containers:
-                - name: orleanssilo
-                  image: kubesilo:latest
-                  imagePullPolicy: Never
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kubesilo
+  template:
+    metadata:
+      labels:
+        app: kubesilo
+    spec:
+      serviceAccountName: orleanssilo
+      containers:
+        - name: orleanssilo
+          image: kubesilo:latest
+          imagePullPolicy: Never

samples/README.md

@@ -59,6 +59,3 @@ You are all set! You can use commands like `kubectl get pods --namespace <namesp
 To inspect the cluster objects deployed to kubertes with `kubectl get silos --namespace <namespace> -o yaml` or `kubectl get clusterversions --namespace <namespace> -o yaml` and that will return Orleans cluster membership objects in YAML (you can change to `-o json` if you like to).
 
 Enjoy!
-
-
-