Merge pull request #44 from Utkar5hM/service-account-rbac-policy

Enhancement: Update RBAC policy and Service Account
kubearmor · Mar 11, 2024 · f0c1cc2 · f0c1cc2
2 parents 631551e + 082f9a4
commit f0c1cc2
Showing 1 changed file with 35 additions and 3 deletions.
diff --git a/deployments/relay-deployment.yaml b/deployments/relay-deployment.yaml
@@ -2,19 +2,51 @@ apiVersion: v1
 kind: Service
 metadata:
   name: kubearmor
-  namespace: kube-system
+  namespace: kubearmor
 spec:
   selector:
     kubearmor-app: kubearmor-relay
   ports:
   - port: 32767
     protocol: TCP
 ---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubearmor-relay
+  namespace: kubearmor
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubearmor-relay-clusterrole
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubearmor-relay-clusterrolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubearmor-relay-clusterrole
+subjects:
+- kind: ServiceAccount
+  name: kubearmor-relay
+  namespace: kubearmor
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: kubearmor-relay
-  namespace: kube-system
+  namespace: kubearmor
   labels:
     kubearmor-app: kubearmor-relay
 spec:
@@ -29,7 +61,7 @@ spec:
       annotations:
         kubearmor-policy: audited
     spec:
-      serviceAccountName: kubearmor
+      serviceAccountName: kubearmor-relay
       containers:
       - name: kubearmor-relay-server
         image: kubearmor/kubearmor-relay-server:latest