From 2299c2a7d2416c406c5a39021c64be9322dd9983 Mon Sep 17 00:00:00 2001 From: Nitya Dhanushkodi Date: Wed, 3 Nov 2021 00:45:37 -0700 Subject: [PATCH] remove client clusterrole/rolbinding since they're not currently used --- .../templates/client-dns-clusterrole.yaml | 24 ------------------- .../client-dns-clusterrolebinding.yaml | 22 ----------------- charts/consul/templates/client-role.yaml | 9 +------ 3 files changed, 1 insertion(+), 54 deletions(-) delete mode 100644 charts/consul/templates/client-dns-clusterrole.yaml delete mode 100644 charts/consul/templates/client-dns-clusterrolebinding.yaml diff --git a/charts/consul/templates/client-dns-clusterrole.yaml b/charts/consul/templates/client-dns-clusterrole.yaml deleted file mode 100644 index a5613d69ff..0000000000 --- a/charts/consul/templates/client-dns-clusterrole.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }} -{{- if .Values.dns.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: {{ template "consul.fullname" . }}-client-dns -# namespace: {{ .Release.Namespace }} - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -rules: -{{- if .Values.dns.enabled }} - - apiGroups: [""] - resources: - - services - resourceNames: - - "kube-dns" - verbs: - - get -{{- end }} -{{- end }} -{{- end }} diff --git a/charts/consul/templates/client-dns-clusterrolebinding.yaml b/charts/consul/templates/client-dns-clusterrolebinding.yaml deleted file mode 100644 index 4c01635210..0000000000 --- a/charts/consul/templates/client-dns-clusterrolebinding.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if (or (and (ne (.Values.client.enabled | toString) "-") .Values.client.enabled) (and (eq (.Values.client.enabled | toString) "-") .Values.global.enabled)) }} -{{- if .Values.dns.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ template "consul.fullname" . }}-client-dns - namespace: {{ .Release.Namespace }} - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "consul.fullname" . }}-client-dns -subjects: - - kind: ServiceAccount - name: {{ template "consul.fullname" . }}-client - namespace: {{ .Release.Namespace }} # TODO:nitya try regular rolebinding with this line -{{- end }} -{{- end }} diff --git a/charts/consul/templates/client-role.yaml b/charts/consul/templates/client-role.yaml index efeaaa6168..8295a5d1f8 100644 --- a/charts/consul/templates/client-role.yaml +++ b/charts/consul/templates/client-role.yaml @@ -9,7 +9,7 @@ metadata: chart: {{ template "consul.chart" . }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} -{{- if (or .Values.dns.enabled .Values.global.acls.manageSystemACLs .Values.global.enablePodSecurityPolicies .Values.global.openshift.enabled) }} +{{- if (or .Values.global.acls.manageSystemACLs .Values.global.enablePodSecurityPolicies .Values.global.openshift.enabled) }} rules: {{- if .Values.global.enablePodSecurityPolicies }} - apiGroups: ["policy"] @@ -36,13 +36,6 @@ rules: verbs: - use {{- end}} -{{- if .Values.dns.enabled }} - - apiGroups: [""] - resources: - - services - verbs: - - get -{{- end }} {{- else}} rules: [] {{- end }}