From adbbeb876aa9d00a67fd49b92a94a3a9e6d6bd22 Mon Sep 17 00:00:00 2001
From: lawik974 <loic97429@gmail.com>
Date: Tue, 12 Mar 2024 22:32:37 +0100
Subject: [PATCH] Fix cluster resources (clusterRBAC+configmap)

---
 Readme.md       |  2 +-
 deployment.yaml | 21 ++++++++++++++++-----
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/Readme.md b/Readme.md
index 0228f3b..c95a20c 100644
--- a/Readme.md
+++ b/Readme.md
@@ -17,7 +17,7 @@ kubectl create cm kube-notify-config -n monitoring --from-file config.yaml
 2. Deploy resources (deployement + rbac) in `monitoring` namespace :
 
 ```sh
-kubectl apply -n monitoring -f deployement.yaml
+kubectl apply -f deployement.yaml
 ```
 
 ## Configuration
diff --git a/deployment.yaml b/deployment.yaml
index 6151476..526a847 100644
--- a/deployment.yaml
+++ b/deployment.yaml
@@ -2,6 +2,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
+  namespace: monitoring
   name: kube-notify
   labels:
     app: kube-notify
@@ -22,6 +23,7 @@ spec:
         volumeMounts:
         - name: config
           mountPath: /app/config.yaml
+          subPath: config.yaml
       volumes:
       - name: config
         configMap:
@@ -32,24 +34,33 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: kube-notify-watcher
+  namespace: monitoring
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
+kind: ClusterRole
 metadata:
+  namespace: "*"
   name: kube-notify-watcher
 rules:
-  - apiGroups: ["*"]
-    resources: ["*"]
+  - apiGroups:
+    - "*"
+    resources:
+    - "*"
+    verbs:  ["get", "watch", "list"]
+  - nonResourceURLs:
+    - "*"
     verbs: ["get", "watch", "list"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
   name: kube-notify-watcher
+  namespace: monitoring
 subjects:
   - kind: ServiceAccount
+    namespace: monitoring
     name: kube-notify-watcher
 roleRef:
-  kind: Role
+  kind: ClusterRole
   name: kube-notify-watcher
   apiGroup: rbac.authorization.k8s.io