update iam helm

coding-hui · coding-hui · commit 903a1b48aaa7 · 2024-04-21T15:57:37.000+08:00
diff --git a/installer/helm/iam/templates/apiserver/batch-job.yaml b/installer/helm/iam/templates/apiserver/batch-job.yaml
@@ -9,7 +9,7 @@ spec:
   backoffLimit: 3
   template:
     spec:
-      serviceAccountName: {{ include "iam.fullname" . }}
+      serviceAccountName: {{ include "iam.apiServerFullname" . }}
       priorityClassName: system-cluster-critical
       {{- with .Values.global.imagePullSecrets }}
       imagePullSecrets:
@@ -20,6 +20,6 @@ spec:
         - name: main
           image: "{{ .Values.apiServer.image.repository }}:{{ .Values.apiServer.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.apiServer.image.pullPolicy }}
-          command: [ "/gen-k8s-secret.sh", "--service", "{{ include "iam.fullname" . }}", "--namespace",
+          command: [ "/gen-k8s-secret.sh", "--service", "{{ include "iam.apiServerFullname" . }}", "--namespace",
                      "{{ .Release.Namespace }}", "--secret", "{{ include "iam.fullname" . }}" ]
 {{- end }}
diff --git a/installer/helm/iam/templates/authzserver/rbac.yaml b/installer/helm/iam/templates/authzserver/rbac.yaml
@@ -3,45 +3,3 @@ kind: ServiceAccount
 metadata:
   name: {{ include "iam.authzServerFullname" . }}
   namespace: {{ .Release.Namespace }}
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "iam.authzServerFullname" . }}
-rules:
-  - apiGroups: [ "" ]
-    resources: [ "configmaps" ]
-    verbs: [ "get", "list", "watch" ]
-  # Rules below is used generate admission service secret
-  - apiGroups: [ "certificates.k8s.io" ]
-    resources: [ "certificatesigningrequests" ]
-    verbs: [ "get", "list", "create", "delete" ]
-  - apiGroups: [ "certificates.k8s.io" ]
-    resources: [ "certificatesigningrequests/approval" ]
-    verbs: [ "create", "update" ]
-  - apiGroups: [ "" ]
-    resources: [ "secrets" ]
-    verbs: [ "create", "get", "patch" ]
-  - apiGroups: [ "scheduling.incubator.k8s.io", "scheduling.volcano.sh" ]
-    resources: [ "queues" ]
-    verbs: [ "get", "list" ]
-  - apiGroups: [ "" ]
-    resources: [ "services" ]
-    verbs: [ "get" ]
-  - apiGroups: [ "scheduling.incubator.k8s.io", "scheduling.volcano.sh" ]
-    resources: [ "podgroups" ]
-    verbs: [ "get", "list", "watch" ]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: {{ include "iam.authzServerFullname" . }}-role
-subjects:
-  - kind: ServiceAccount
-    name: {{ include "iam.authzServerFullname" . }}
-    namespace: {{ .Release.Namespace }}
-roleRef:
-  kind: ClusterRole
-  name: {{ include "iam.authzServerFullname" . }}
-  apiGroup: rbac.authorization.k8s.io
diff --git a/installer/helm/iam/templates/rbac.yaml b/installer/helm/iam/templates/rbac.yaml
