clean up clusterrole definitions

playbooks/roles/setup-rbac/files/ichp-project-admin.yaml

@@ -1,24 +1,13 @@
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      rbac.ichp.ing.net/aggregate-to-ichp-project-admin: "true"
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    argocd.argoproj.io/sync-options: Prune=false
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"aggregationRule":{"clusterRoleSelectors":[{"matchLabels":{"rbac.ichp.ing.net/aggregate-to-ichp-project-admin":"true"}}]},"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"argocd.argoproj.io/sync-options":"Prune=false"},"labels":{"app.kubernetes.io/instance":"rbac","app.kubernetes.io/managed-by":"Helms","app.kubernetes.io/name":"ichp-rbac","app.kubernetes.io/version":"1.16.0","helm.sh/chart":"ichp-rbac-0.1.0"},"name":"ichp-project-admin"}}
-  creationTimestamp: "2024-03-08T22:14:44Z"
+    openshift.io/description: An ICHP dedicated role for admins.
+    openshift.io/reconcile-protect: "true"
   labels:
     app.kubernetes.io/instance: rbac
-    app.kubernetes.io/managed-by: Helms
     app.kubernetes.io/name: ichp-rbac
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: ichp-rbac-0.1.0
   name: ichp-project-admin
-  resourceVersion: "116608"
-  uid: 48e3d4b3-e8ef-41bf-9edf-020a8a88f14c
 rules:
 - apiGroups:
   - authdelegation.ichp.ing.net

playbooks/roles/setup-rbac/files/ichp-project-debugger.yaml

@@ -2,20 +2,13 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{"openshift.io/description":"An ICHP dedicated role for debugging.","openshift.io/reconcile-protect":"true"},"labels":{"app.kubernetes.io/instance":"rbac","app.kubernetes.io/managed-by":"Helms","app.kubernetes.io/name":"ichp-rbac","app.kubernetes.io/version":"1.16.0","helm.sh/chart":"ichp-rbac-0.1.0"},"name":"ichp-project-debugger"},"rules":[{"apiGroups":[""],"resources":["pods","pods/attach","pods/exec","pods/portforward","pods/proxy"],"verbs":["create","delete","deletecollection","get","list","patch","update","watch"]},{"apiGroups":[""],"resources":["pods/log","pods/status"],"verbs":["get","list","watch"]}]}
     openshift.io/description: An ICHP dedicated role for debugging.
     openshift.io/reconcile-protect: "true"
   creationTimestamp: "2024-03-08T22:14:44Z"
   labels:
     app.kubernetes.io/instance: rbac
-    app.kubernetes.io/managed-by: Helms
     app.kubernetes.io/name: ichp-rbac
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: ichp-rbac-0.1.0
   name: ichp-project-debugger
-  resourceVersion: "114538"
-  uid: 6d3db2d2-b3d3-4021-969c-88fa4e85d159
 rules:
 - apiGroups:
   - ""

playbooks/roles/setup-rbac/files/ichp-project-editor.yaml

@@ -1,23 +1,13 @@
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      rbac.ichp.ing.net/aggregate-to-ichp-project-admin: "true"
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"aggregationRule":{"clusterRoleSelectors":[{"matchLabels":{"rbac.ichp.ing.net/aggregate-to-ichp-project-admin":"true"}}]},"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"rbac","app.kubernetes.io/managed-by":"Helms","app.kubernetes.io/name":"ichp-rbac","app.kubernetes.io/version":"1.16.0","helm.sh/chart":"ichp-rbac-0.1.0"},"name":"ichp-project-editor"}}
-  creationTimestamp: "2024-03-08T22:14:44Z"
+    openshift.io/description: An ICHP dedicated role for developers.
+    openshift.io/reconcile-protect: "true"
   labels:
     app.kubernetes.io/instance: rbac
-    app.kubernetes.io/managed-by: Helms
     app.kubernetes.io/name: ichp-rbac
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: ichp-rbac-0.1.0
   name: ichp-project-editor
-  resourceVersion: "116612"
-  uid: c1d134ae-f610-4b9b-b552-cdd58a52f363
 rules:
 - apiGroups:
   - authdelegation.ichp.ing.net

playbooks/roles/setup-rbac/files/ichp-project-viewer.yaml

@@ -1,23 +1,13 @@
-aggregationRule:
-  clusterRoleSelectors:
-  - matchLabels:
-      rbac.ichp.ing.net/aggregate-to-ichp-project-viewer: "true"
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   annotations:
-    kubectl.kubernetes.io/last-applied-configuration: |
-      {"aggregationRule":{"clusterRoleSelectors":[{"matchLabels":{"rbac.ichp.ing.net/aggregate-to-ichp-project-viewer":"true"}}]},"apiVersion":"rbac.authorization.k8s.io/v1","kind":"ClusterRole","metadata":{"annotations":{},"labels":{"app.kubernetes.io/instance":"rbac","app.kubernetes.io/managed-by":"Helms","app.kubernetes.io/name":"ichp-rbac","app.kubernetes.io/version":"1.16.0","helm.sh/chart":"ichp-rbac-0.1.0"},"name":"ichp-project-viewer"}}
-  creationTimestamp: "2024-03-08T22:14:44Z"
+    openshift.io/description: An ICHP dedicated role for viewing only.
+    openshift.io/reconcile-protect: "true"
   labels:
     app.kubernetes.io/instance: rbac
-    app.kubernetes.io/managed-by: Helms
     app.kubernetes.io/name: ichp-rbac
-    app.kubernetes.io/version: 1.16.0
-    helm.sh/chart: ichp-rbac-0.1.0
   name: ichp-project-viewer
-  resourceVersion: "116557"
-  uid: 04b629e2-0fe9-4148-99ec-c63bbf8bd6ef
 rules:
 - apiGroups:
   - authdelegation.ichp.ing.net