fix(app): use CBR and correct sa

2024-12-05 06:28:31 +00:00
parent aa17c7a2dc
commit 7c7cf79ca8
5 changed files with 57 additions and 25 deletions
--- a/examples/k8s/deployment.yaml
+++ b/examples/k8s/deployment.yaml
@@ -14,6 +14,7 @@ spec:
      labels:
        app: metalcheck
    spec:
+      serviceAccountName: metalcheck-sa
      containers:
      - name: backend
        image: <your-ecr-repo>:latest
@@ -29,6 +30,7 @@ apiVersion: v1
 kind: Service
 metadata:
  name: metalcheck-backend
+  namespace: metalcheck
 spec:
  selector:
    app: metalcheck
--- a/examples/k8s/rbac.yaml
+++ b/examples/k8s/rbac.yaml
@@ -5,25 +5,23 @@ metadata:
  namespace: metalcheck
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
-  namespace: metalcheck
-  name: metalcheck-role
+  name: metalcheck-clusterrole
 rules:
 - apiGroups: [""]
  resources: ["pods", "nodes", "namespaces"]
  verbs: ["get", "list", "watch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
-  name: metalcheck-rolebinding
-  namespace: metalcheck
+  name: metalcheck-clusterrolebinding
 subjects:
 - kind: ServiceAccount
  name: metalcheck-sa
  namespace: metalcheck
 roleRef:
-  kind: Role
-  name: metalcheck-role
+  kind: ClusterRole
+  name: metalcheck-clusterrole
  apiGroup: rbac.authorization.k8s.io