change ServiceAccount RBAC to Role & ClusterRole

belfhi · Johannes Reppin · commit f6b6746ad7c9 · 2025-08-11T13:31:24.000+02:00
Signed-off-by: Johannes Reppin &lt;johannes.reppin@desy.de&gt;
diff --git a/charts/keycloakx/templates/serviceaccount.yaml b/charts/keycloakx/templates/serviceaccount.yaml
@@ -20,24 +20,25 @@ imagePullSecrets:
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 
 ---
-
   {{- if .Values.serviceAccount.allowReadPods -}}
-kind: ClusterRole
+kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: jgroups-kubeping-pod-reader-{{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
 rules:
   - apiGroups: [""]
     resources: ["pods"]
     verbs: ["get", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
   name: jgroups-kubeping-api-access-{{ .Release.Namespace }}
+  namespace: {{ .Release.Namespace }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
+  kind: Role
   name: jgroups-kubeping-pod-reader-{{ .Release.Namespace }}
 subjects:
   - kind: ServiceAccount
