Fix crossplane docs RBAC section

4c0ed436 · Hordur Freyr Yngvason · 6dc8e6fc · 4c0ed436
Commit 4c0ed436 authored Mar 12, 2020 by Hordur Freyr Yngvason
Hide whitespace changes
Inline Side-by-side

Showing with 33 additions and 37 deletions

doc/user/clusters/crossplane.md doc/user/clusters/crossplane.md +33 -37

No files found.
--- a/doc/user/clusters/crossplane.md
+++ b/doc/user/clusters/crossplane.md
@@ -35,43 +35,39 @@ export REGION=us-central1 # the GCP region where the GKE cluster is provisioned.

 ## Configure RBAC permissions

- For a non-GitLab managed cluster(s), ensure that the service account for the token provided can manage resources in the `database.crossplane.io` API group.
-Manually grant GitLab's service account the ability to manage resources in the
-`database.crossplane.io` API group. The Aggregated ClusterRole allows us to do that.
-
-NOTE: **Note:**
-For a non-GitLab managed cluster, ensure that the service account for the token provided can manage resources in the `database.crossplane.io` API group.
-1. Save the following YAML as `crossplane-database-role.yaml`:
-
-```shell
-cat > crossplane-database-role.yaml <<EOF
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: crossplane-database-role
-  labels:
-    rbac.authorization.k8s.io/aggregate-to-edit: "true"
-rules:
- apiGroups:
-  - database.crossplane.io
-  resources:
-  - postgresqlinstances
-  verbs:
-  - get
-  - list
-  - create
-  - update
-  - delete
-  - patch
-  - watch
-EOF
-```
-
-Once the file is created, apply it with the following command in order to create the necessary role:
-
-```shell
-kubectl apply -f crossplane-database-role.yaml
-```
+- For GitLab-managed clusters, RBAC is configured automatically.
+
+- For non-GitLab managed clusters, ensure that the service account for the token provided can manage resources in the `database.crossplane.io` API group:
+
+  1. Save the following YAML as `crossplane-database-role.yaml`:
+
+      ```yaml
+      apiVersion: rbac.authorization.k8s.io/v1
+      kind: ClusterRole
+      metadata:
+        name: crossplane-database-role
+        labels:
+          rbac.authorization.k8s.io/aggregate-to-edit: "true"
+      rules:
+      - apiGroups:
+        - database.crossplane.io
+        resources:
+        - postgresqlinstances
+        verbs:
+        - get
+        - list
+        - create
+        - update
+        - delete
+        - patch
+        - watch
+      ```
+
+  1. Apply the cluster role to the cluster:
+
+      ```shell
+      kubectl apply -f crossplane-database-role.yaml
+      ```

 ## Configure Crossplane with a cloud provider