From 463e756fb338b38417e22b90a5467d32d735ffc2 Mon Sep 17 00:00:00 2001
From: Adrien <adrien@reslinger.net>
Date: Sun, 14 Jun 2020 15:20:27 +0200
Subject: [PATCH] Update RBAC

---
 files/drone-runner/drone-runner-Role.yaml           |  4 ++--
 files/drone-runner/drone-runner-RoleBinding.yaml    | 10 +++++-----
 files/drone-runner/drone-runner-ServiceAccount.yaml |  5 +++++
 tasks/main.yml                                      |  1 +
 4 files changed, 13 insertions(+), 7 deletions(-)
 create mode 100644 files/drone-runner/drone-runner-ServiceAccount.yaml

diff --git a/files/drone-runner/drone-runner-Role.yaml b/files/drone-runner/drone-runner-Role.yaml
index b79a45e..b88050b 100644
--- a/files/drone-runner/drone-runner-Role.yaml
+++ b/files/drone-runner/drone-runner-Role.yaml
@@ -1,8 +1,8 @@
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  namespace: default
-  name: drone
+  namespace: drone
+  name: drone-runner
 rules:
 - apiGroups:
   - ""
diff --git a/files/drone-runner/drone-runner-RoleBinding.yaml b/files/drone-runner/drone-runner-RoleBinding.yaml
index 9c654fb..08d275c 100644
--- a/files/drone-runner/drone-runner-RoleBinding.yaml
+++ b/files/drone-runner/drone-runner-RoleBinding.yaml
@@ -1,13 +1,13 @@
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: drone
-  namespace: default
+  name: drone-runner
+  namespace: drone
 subjects:
 - kind: ServiceAccount
-  name: default
-  namespace: default
+  name: drone-runner
+  namespace: drone
 roleRef:
   kind: Role
-  name: drone
+  name: drone-runner
   apiGroup: rbac.authorization.k8s.io
diff --git a/files/drone-runner/drone-runner-ServiceAccount.yaml b/files/drone-runner/drone-runner-ServiceAccount.yaml
new file mode 100644
index 0000000..38c6563
--- /dev/null
+++ b/files/drone-runner/drone-runner-ServiceAccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: drone
+  name: drone-runner
diff --git a/tasks/main.yml b/tasks/main.yml
index a6faf77..f8a72e8 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -36,6 +36,7 @@
         merge_type: merge
         resource_definition: "{{ lookup('file', item) | from_yaml }}"
       with_items:
+        - drone-runner/drone-runner-ServiceAccount.yaml
         - drone-runner/drone-runner-Role.yaml
         - drone-runner/drone-runner-RoleBinding.yaml
         - drone-runner/drone-runner-ConfigMap.yaml