From c5cc69548fc08d5e185ff8385724bc2f55f9e4d8 Mon Sep 17 00:00:00 2001
From: Hrvoje Basic
Date: Thu, 6 Mar 2025 12:45:12 +0100
Subject: [PATCH] remove cluster-wide permissions
---
 .../templates/executor-role-binding.yaml | 5 +++--
 .../{executor-cluster-role.yaml => executor-role.yaml} | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)
 rename helm-charts/falcon-self-hosted-registry-assessment/templates/{executor-cluster-role.yaml => executor-role.yaml} (85%)
diff --git a/helm-charts/falcon-self-hosted-registry-assessment/templates/executor-role-binding.yaml b/helm-charts/falcon-self-hosted-registry-assessment/templates/executor-role-binding.yaml
index dc5ba390..a4f47d79 100644
--- a/helm-charts/falcon-self-hosted-registry-assessment/templates/executor-role-binding.yaml
+++ b/helm-charts/falcon-self-hosted-registry-assessment/templates/executor-role-binding.yaml
@@ -1,7 +1,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
 name: {{ include "ra-self-hosted-executor.fullname" . }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{- include "ra-self-hosted.labels-executor" . | nindent 4 }}
 subjects:
@@ -10,5 +11,5 @@ subjects:
 namespace: {{ .Release.Namespace }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
+ kind: Role
 name: {{ include "ra-self-hosted-executor.fullname" . }}
diff --git a/helm-charts/falcon-self-hosted-registry-assessment/templates/executor-cluster-role.yaml b/helm-charts/falcon-self-hosted-registry-assessment/templates/executor-role.yaml
similarity index 85%
rename from helm-charts/falcon-self-hosted-registry-assessment/templates/executor-cluster-role.yaml
rename to helm-charts/falcon-self-hosted-registry-assessment/templates/executor-role.yaml
index c886c266..34294cd2 100644
--- a/helm-charts/falcon-self-hosted-registry-assessment/templates/executor-cluster-role.yaml
+++ b/helm-charts/falcon-self-hosted-registry-assessment/templates/executor-role.yaml
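Review bot: The added `namespace: {{ .Release.Namespace }}` line under `metadata` renders the release namespace as a plain YAML scalar, so a namespace name that YAML reads as a number or boolean (names such as `123` or `true` should pass Kubernetes' DNS-label validation) would come out as a non-string value and the manifest would likely fail to apply. Piping the value through quote avoids that: `namespace: {{ .Release.Namespace | quote }}`. The unquoted `namespace:` under `subjects` in the next hunk and the matching line added to executor-role.yaml have the same form and could be changed together.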
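Review bot: With `roleRef.kind` now `Role`, the executor's ServiceAccount can reach only objects in the release namespace, and the patch touches just the two template files, so nothing tells operators about that change on upgrade. If any deployment keeps the Secrets the executor reads in another namespace (not visible from this hunk), those reads would be denied after the upgrade. A template comment above `roleRef:` such as `# Namespaced on purpose: the executor may only read Secrets in the release namespace.`, plus a line in the chart's release notes, would make the requirement explicit.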
@@ -1,7 +1,8 @@
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
 name: {{ include "ra-self-hosted-executor.fullname" . }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{- include "ra-self-hosted.labels-executor" . | nindent 4 }}
 rules:
@@ -9,7 +10,6 @@ rules:
 - ""
 resources:
 - secrets
- - namespaces
 verbs:
 - get
 - watch
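Review bot: The Role is now namespaced, but the rule that follows `rules:` (its `resources` and `verbs` lines are visible in the next hunk) still allows `get` and `watch` on every Secret in the release namespace, which by default also holds Helm's own release Secrets and any other credentials stored there. If the executor only needs a known set of Secrets, the rule could be narrowed with `resourceNames: ["<executor-secret-name>"]` (placeholder; the actual names are not on this page). `watch` honours `resourceNames` only when the client watches with a `metadata.name` field selector, so the executor's client code would need checking before narrowing. The rule begins between the two hunks and may continue past the last visible line, so an existing `resourceNames` entry or further verbs cannot be ruled out from here.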