From 1ded9aa270d05dc12e4108fabe0cc7aafbf272ed Mon Sep 17 00:00:00 2001 From: Mykhailo Kuzmich Date: Sat, 6 Feb 2021 22:16:56 +0200 Subject: [PATCH] feat: use regular k8s rbac role as no need for clusterrole * make k8s yaml manifests readable * resolve issue #47 --- .../Definitions/Client-ServiceAccount.yaml | 40 ++++++++-------- samples/Definitions/Client.yaml | 34 ++++++------- samples/Definitions/Gateway.yaml | 34 ++++++------- samples/Definitions/Silo-ServiceAccount.yaml | 48 +++++++++---------- samples/Definitions/Silo.yaml | 34 ++++++------- samples/README.md | 3 -- 6 files changed, 93 insertions(+), 100 deletions(-) diff --git a/samples/Definitions/Client-ServiceAccount.yaml b/samples/Definitions/Client-ServiceAccount.yaml index 28f02dc..2fdbfa9 100644 --- a/samples/Definitions/Client-ServiceAccount.yaml +++ b/samples/Definitions/Client-ServiceAccount.yaml @@ -1,33 +1,31 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: orleansclient - namespace: kubetest + name: orleansclient --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: - name: orleansclient + name: orleansclient rules: - - apiGroups: - - orleans.dot.net - resources: - - silos - - clusterversions - verbs: - - get - - list - - watch +- apiGroups: + - orleans.dot.net + resources: + - silos + - clusterversions + verbs: + - get + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: - name: orleansclient + name: orleansclient roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: orleansclient + apiGroup: rbac.authorization.k8s.io + kind: Role + name: orleansclient subjects: - - kind: ServiceAccount - name: orleansclient - namespace: kubetest +- kind: ServiceAccount + name: orleansclient diff --git a/samples/Definitions/Client.yaml b/samples/Definitions/Client.yaml index f6ac25a..f13912e 100644 --- a/samples/Definitions/Client.yaml +++ b/samples/Definitions/Client.yaml @@ -1,21 +1,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: orleans-client - labels: - app: kubeclient + name: orleans-client + labels: + app: kubeclient spec: - replicas: 1 - selector: - matchLabels: - app: kubeclient - template: - metadata: - labels: - app: kubeclient - spec: - serviceAccountName: orleansclient - containers: - - name: orleansclient - image: kubeclient:latest - imagePullPolicy: Never + replicas: 1 + selector: + matchLabels: + app: kubeclient + template: + metadata: + labels: + app: kubeclient + spec: + serviceAccountName: orleansclient + containers: + - name: orleansclient + image: kubeclient:latest + imagePullPolicy: Never diff --git a/samples/Definitions/Gateway.yaml b/samples/Definitions/Gateway.yaml index 911402f..0fb4fbd 100644 --- a/samples/Definitions/Gateway.yaml +++ b/samples/Definitions/Gateway.yaml @@ -1,21 +1,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: orleans-gateway - labels: - app: kubegateway + name: orleans-gateway + labels: + app: kubegateway spec: - replicas: 2 - selector: - matchLabels: - app: kubegateway - template: - metadata: - labels: - app: kubegateway - spec: - serviceAccountName: orleanssilo - containers: - - name: orleanssilo - image: kubegateway:latest - imagePullPolicy: Never \ No newline at end of file + replicas: 2 + selector: + matchLabels: + app: kubegateway + template: + metadata: + labels: + app: kubegateway + spec: + serviceAccountName: orleanssilo + containers: + - name: orleanssilo + image: kubegateway:latest + imagePullPolicy: Never diff --git a/samples/Definitions/Silo-ServiceAccount.yaml b/samples/Definitions/Silo-ServiceAccount.yaml index 6216f84..1cbd57c 100644 --- a/samples/Definitions/Silo-ServiceAccount.yaml +++ b/samples/Definitions/Silo-ServiceAccount.yaml @@ -1,37 +1,35 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: orleanssilo - namespace: kubetest + name: orleanssilo --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Role metadata: - name: orleanssilo + name: orleanssilo rules: - - apiGroups: - - orleans.dot.net - resources: - - silos - - clusterversions - verbs: - - get - - list - - watch - - create - - update - - patch - - delete +- apiGroups: + - orleans.dot.net + resources: + - silos + - clusterversions + verbs: + - get + - list + - watch + - create + - update + - patch + - delete --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding +kind: RoleBinding metadata: - name: orleanssilo + name: orleanssilo roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: orleanssilo + apiGroup: rbac.authorization.k8s.io + kind: Role + name: orleanssilo subjects: - - kind: ServiceAccount - name: orleanssilo - namespace: kubetest +- kind: ServiceAccount + name: orleanssilo diff --git a/samples/Definitions/Silo.yaml b/samples/Definitions/Silo.yaml index 7c7e729..229888a 100644 --- a/samples/Definitions/Silo.yaml +++ b/samples/Definitions/Silo.yaml @@ -1,21 +1,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: orleans-silo - labels: - app: kubesilo + name: orleans-silo + labels: + app: kubesilo spec: - replicas: 1 - selector: - matchLabels: - app: kubesilo - template: - metadata: - labels: - app: kubesilo - spec: - serviceAccountName: orleanssilo - containers: - - name: orleanssilo - image: kubesilo:latest - imagePullPolicy: Never + replicas: 1 + selector: + matchLabels: + app: kubesilo + template: + metadata: + labels: + app: kubesilo + spec: + serviceAccountName: orleanssilo + containers: + - name: orleanssilo + image: kubesilo:latest + imagePullPolicy: Never diff --git a/samples/README.md b/samples/README.md index d3d3434..5201ca3 100644 --- a/samples/README.md +++ b/samples/README.md @@ -59,6 +59,3 @@ You are all set! You can use commands like `kubectl get pods --namespace -o yaml` or `kubectl get clusterversions --namespace -o yaml` and that will return Orleans cluster membership objects in YAML (you can change to `-o json` if you like to). Enjoy! - - -