update: ns config

components/configs/namespaces/base/cluster-config-project.yaml

@@ -5,8 +5,8 @@ metadata:
 spec:
   projectRequestMessage: >-
     Don't Panic - Everything is fine.
-    You shouldn't have access to create projects in this cluster.
+    You might not have access to create projects in this cluster.
     If you want to change this situation look at:
     https://github.com/redhat-na-ssa/demo-argocd-gitops
-  projectRequestTemplate: null
+  projectRequestTemplate: {}
   #   name: project-request

components/configs/namespaces/base/project-request-termplate.yaml

@@ -55,40 +55,40 @@ objects:
       name: '${PROJECT_NAME}'
     spec: {}
     status: {}
-  - apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-      annotations:
-        openshift.io/description: >-
-          Allows all pods in this namespace to pull images from this namespace.
-          It is auto-managed by a controller; remove subjects to disable.
-      name: 'system:image-pullers'
-      namespace: '${PROJECT_NAME}'
-    roleRef:
-      apiGroup: rbac.authorization.k8s.io
-      kind: ClusterRole
-      name: 'system:image-puller'
-    subjects:
-      - apiGroup: rbac.authorization.k8s.io
-        kind: Group
-        name: 'system:serviceaccounts:${PROJECT_NAME}'
-  - apiVersion: rbac.authorization.k8s.io/v1
-    kind: RoleBinding
-    metadata:
-      annotations:
-        openshift.io/description: >-
-          Allows builds in this namespace to push images to this namespace.  It
-          is auto-managed by a controller; remove subjects to disable.
-      name: 'system:image-builders'
-      namespace: '${PROJECT_NAME}'
-    roleRef:
-      apiGroup: rbac.authorization.k8s.io
-      kind: ClusterRole
-      name: 'system:image-builder'
-    subjects:
-      - kind: ServiceAccount
-        name: builder
-        namespace: '${PROJECT_NAME}'
+  # - apiVersion: rbac.authorization.k8s.io/v1
+  #   kind: RoleBinding
+  #   metadata:
+  #     annotations:
+  #       openshift.io/description: >-
+  #         Allows all pods in this namespace to pull images from this namespace.
+  #         It is auto-managed by a controller; remove subjects to disable.
+  #     name: 'system:image-pullers'
+  #     namespace: '${PROJECT_NAME}'
+  #   roleRef:
+  #     apiGroup: rbac.authorization.k8s.io
+  #     kind: ClusterRole
+  #     name: 'system:image-puller'
+  #   subjects:
+  #     - apiGroup: rbac.authorization.k8s.io
+  #       kind: Group
+  #       name: 'system:serviceaccounts:${PROJECT_NAME}'
+  # - apiVersion: rbac.authorization.k8s.io/v1
+  #   kind: RoleBinding
+  #   metadata:
+  #     annotations:
+  #       openshift.io/description: >-
+  #         Allows builds in this namespace to push images to this namespace.  It
+  #         is auto-managed by a controller; remove subjects to disable.
+  #     name: 'system:image-builders'
+  #     namespace: '${PROJECT_NAME}'
+  #   roleRef:
+  #     apiGroup: rbac.authorization.k8s.io
+  #     kind: ClusterRole
+  #     name: 'system:image-builder'
+  #   subjects:
+  #     - kind: ServiceAccount
+  #       name: builder
+  #       namespace: '${PROJECT_NAME}'
   - apiVersion: rbac.authorization.k8s.io/v1
     kind: RoleBinding
     metadata:

components/configs/namespaces/instance/sandbox/rolebinding-edit.yaml

@@ -10,4 +10,4 @@ roleRef:
 subjects:
 - apiGroup: rbac.authorization.k8s.io
   kind: Group
-  name: system:authenticated:oauth
+  name: system:authenticated

components/configs/namespaces/overlays/default/kustomization.yaml

@@ -3,18 +3,4 @@ kind: Kustomization
 
 resources:
   - ../../base
-  - ../../instance/registry
   - ../../instance/sandbox
-
-# patches:
-#   - target:
-#       kind: LimitRange
-#       name: sandbox-limit-range
-#     patch: |-
-#       - op: replace
-#         path: /spec/limits
-#         value:
-#           - default:
-#               cpu: 100m
-#               memory: 256Mi
-#             type: Container