From 35974266ae938856f3a254b12308b1a99e67e5e7 Mon Sep 17 00:00:00 2001
From: Staffan Olsson <staffan@repos.se>
Date: Sat, 5 Aug 2017 05:53:02 +0200
Subject: Got the feeling from kubectl get clusterrole ...

that having access control rules, in particular cluster scoped,
lying around without knowing where they come from
will be unmaintainable over time. Labels show up nicely in describe.
---
 rbac-namespace-default/events-watcher.yml | 4 ++++
 rbac-namespace-default/node-reader.yml    | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/rbac-namespace-default/events-watcher.yml b/rbac-namespace-default/events-watcher.yml
index 6194e84..3b2e76d 100644
--- a/rbac-namespace-default/events-watcher.yml
+++ b/rbac-namespace-default/events-watcher.yml
@@ -4,6 +4,8 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: events-watcher
+  labels:
+    origin: github.com_Yolean_kubernetes-kafka
 rules:
 - apiGroups:
   - ""
@@ -16,6 +18,8 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: kafka-events-watcher
+  labels:
+    origin: github.com_Yolean_kubernetes-kafka
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
diff --git a/rbac-namespace-default/node-reader.yml b/rbac-namespace-default/node-reader.yml
index 3a133a8..0454579 100644
--- a/rbac-namespace-default/node-reader.yml
+++ b/rbac-namespace-default/node-reader.yml
@@ -4,6 +4,8 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: node-reader
+  labels:
+    origin: github.com_Yolean_kubernetes-kafka
 rules:
 - apiGroups:
   - ""
@@ -16,6 +18,8 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
   name: kafka-node-reader
+  labels:
+    origin: github.com_Yolean_kubernetes-kafka
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-- 
cgit v1.2.3