moved service-account and rbac to beginning of manifests (#33501)

* change order of manifest part in makefile + remove extra dashes
elastic · Nov 1, 2022 · ce799a1 · ce799a1
1 parent 43b362e
commit ce799a1
Show file tree

Hide file tree

Showing 8 changed files with 438 additions and 441 deletions.
diff --git a/deploy/kubernetes/Makefile b/deploy/kubernetes/Makefile
@@ -17,7 +17,10 @@ clean:
 $(ALL):
 	@echo "Generating $@-kubernetes.yaml"
 	@rm -f $@-kubernetes.yaml
-	@for f in $(shell ls $@/*.yaml); do \
-		sed "s/%VERSION%/${BEAT_VERSION}/g" $$f >> $@-kubernetes.yaml; \
-		echo --- >> $@-kubernetes.yaml; \
+	@for f in service-account role role-binding configmap deployment daemonset ; do \
+		if [ -f "$@/$@-$$f.yaml" ]; then \
+			echo "file: $@/$@-$$f.yaml"; \
+			sed "s/%VERSION%/${BEAT_VERSION}/g" $@/$@-$$f.yaml >> $@-kubernetes.yaml; \
+			echo --- >> $@-kubernetes.yaml; \
+		fi \
 	done
diff --git a/deploy/kubernetes/auditbeat-kubernetes.yaml b/deploy/kubernetes/auditbeat-kubernetes.yaml
@@ -1,3 +1,99 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: auditbeat
+  namespace: kube-system
+  labels:
+    k8s-app: auditbeat
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: auditbeat
+  labels:
+    k8s-app: auditbeat
+rules:
+- apiGroups: [""]
+  resources:
+  - nodes
+  - namespaces
+  - pods
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps"]
+  resources:
+    - replicasets
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: auditbeat
+  # should be the namespace where auditbeat is running
+  namespace: kube-system
+  labels:
+    k8s-app: auditbeat
+rules:
+  - apiGroups:
+      - coordination.k8s.io
+    resources:
+      - leases
+    verbs: ["get", "create", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: auditbeat-kubeadm-config
+  namespace: kube-system
+  labels:
+    k8s-app: auditbeat
+rules:
+  - apiGroups: [""]
+    resources:
+      - configmaps
+    resourceNames:
+      - kubeadm-config
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: auditbeat
+subjects:
+- kind: ServiceAccount
+  name: auditbeat
+  namespace: kube-system
+roleRef:
+  kind: ClusterRole
+  name: auditbeat
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: auditbeat
+  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: auditbeat
+    namespace: kube-system
+roleRef:
+  kind: Role
+  name: auditbeat
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: auditbeat-kubeadm-config
+  namespace: kube-system
+subjects:
+  - kind: ServiceAccount
+    name: auditbeat
+    namespace: kube-system
+roleRef:
+  kind: Role
+  name: auditbeat-kubeadm-config
+  apiGroup: rbac.authorization.k8s.io
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -212,100 +308,3 @@ spec:
           path: /run/containerd
           type: DirectoryOrCreate
 ---
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: auditbeat
-subjects:
-- kind: ServiceAccount
-  name: auditbeat
-  namespace: kube-system
-roleRef:
-  kind: ClusterRole
-  name: auditbeat
-  apiGroup: rbac.authorization.k8s.io
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: auditbeat
-  namespace: kube-system
-subjects:
-  - kind: ServiceAccount
-    name: auditbeat
-    namespace: kube-system
-roleRef:
-  kind: Role
-  name: auditbeat
-  apiGroup: rbac.authorization.k8s.io
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: auditbeat-kubeadm-config
-  namespace: kube-system
-subjects:
-  - kind: ServiceAccount
-    name: auditbeat
-    namespace: kube-system
-roleRef:
-  kind: Role
-  name: auditbeat-kubeadm-config
-  apiGroup: rbac.authorization.k8s.io
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: auditbeat
-  labels:
-    k8s-app: auditbeat
-rules:
-- apiGroups: [""]
-  resources:
-  - nodes
-  - namespaces
-  - pods
-  verbs: ["get", "list", "watch"]
-- apiGroups: ["apps"]
-  resources:
-    - replicasets
-  verbs: ["get", "list", "watch"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: auditbeat
-  # should be the namespace where auditbeat is running
-  namespace: kube-system
-  labels:
-    k8s-app: auditbeat
-rules:
-  - apiGroups:
-      - coordination.k8s.io
-    resources:
-      - leases
-    verbs: ["get", "create", "update"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: auditbeat-kubeadm-config
-  namespace: kube-system
-  labels:
-    k8s-app: auditbeat
-rules:
-  - apiGroups: [""]
-    resources:
-      - configmaps
-    resourceNames:
-      - kubeadm-config
-    verbs: ["get"]
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: auditbeat
-  namespace: kube-system
-  labels:
-    k8s-app: auditbeat
----
diff --git a/deploy/kubernetes/auditbeat/auditbeat-configmap.yaml b/deploy/kubernetes/auditbeat/auditbeat-configmap.yaml
@@ -1,4 +1,3 @@
----
 apiVersion: v1
 kind: ConfigMap
 metadata: