Replace Role with ClusterRole for secrets backup

This also adds the `configmaps` resource to the rules of the new clusterrole, which is necessary for the backup script
spackbot · Feb 22, 2023 · 94e654a · 94e654a
1 parent d50676e
commit 94e654a
Showing 1 changed file with 5 additions and 6 deletions.
diff --git a/k8s/secrets-backup/service-accounts.yaml b/k8s/secrets-backup/service-accounts.yaml
@@ -8,26 +8,25 @@ metadata:
     eks.amazonaws.com/role-arn: arn:aws:iam::588562868276:role/SecretsBackupRole-production
 
 ---
-kind: Role
+kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: secrets-backup
-  namespace: custom
 rules:
   - apiGroups: [""]
-    resources: ["secrets"]
+    resources: ["secrets", "configmaps"]
     verbs: ["get", "watch", "list"]
 
 ---
-kind: RoleBinding
+kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: secrets-backup
-  namespace: custom
 subjects:
   - kind: ServiceAccount
     name: secrets-backup
+    namespace: custom
 roleRef:
-  kind: Role
+  kind: ClusterRole
   name: secrets-backup
   apiGroup: rbac.authorization.k8s.io