From 9c27714f31ea2d5ac9f6283c254d3f97236712fe Mon Sep 17 00:00:00 2001
From: wogud1221 <wogud1221@khu.ac.kr>
Date: Thu, 31 Jul 2025 07:10:48 +0000
Subject: [PATCH] Change install & uninstall_rolebindings.sh into single
 rolebindings.yaml file

-Deleted install & uninstall_rolebinding.sh
-Created rolebindings.yaml
-Edited install & uninstall_traininghost.sh (kubectl apply & delete -f bin/rolebindings.yaml)

Issue-ID: AIMLFW-214

Change-Id: I968244befbb5400564de61fb61c7bf74dbf88a17
Signed-off-by: wogud1221 <wogud1221@khu.ac.kr>
---
 bin/install_rolebindings.sh   | 23 ------------------
 bin/install_traininghost.sh   |  2 +-
 bin/rolebindings.yaml         | 56 +++++++++++++++++++++++++++++++++++++++++++
 bin/uninstall_rolebindings.sh | 23 ------------------
 bin/uninstall_traininghost.sh |  2 +-
 5 files changed, 58 insertions(+), 48 deletions(-)
 delete mode 100755 bin/install_rolebindings.sh
 create mode 100644 bin/rolebindings.yaml
 delete mode 100755 bin/uninstall_rolebindings.sh

diff --git a/bin/install_rolebindings.sh b/bin/install_rolebindings.sh
deleted file mode 100755
index eb834de..0000000
--- a/bin/install_rolebindings.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-# ==================================================================================
-#
-#       Copyright (c) 2022 Samsung Electronics Co., Ltd. All Rights Reserved.
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#          http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-#
-# ==================================================================================
-
-# For reading secrets in Kubeflow-Pipeline and SDK
-
-kubectl create clusterrole secret_reader --verb get,list --resource secret
-kubectl create  rolebinding secret_pipline_runner_rb -n traininghost --serviceaccount kubeflow:pipeline-runner --clusterrole  secret_reader
-kubectl create rolebinding traininghost_default_secret_rb -n kubeflow --serviceaccount traininghost:default --clusterrole secret_reader
diff --git a/bin/install_traininghost.sh b/bin/install_traininghost.sh
index fe18b0d..a3dc8d8 100755
--- a/bin/install_traininghost.sh
+++ b/bin/install_traininghost.sh
@@ -30,6 +30,6 @@ kubectl create namespace traininghost
 #copy of secrets to traininghost namespace to enable modelmanagement service to access leofs
 kubectl get secret leofs-secret --namespace=kubeflow -o yaml | sed -e 's/kubeflow/traininghost/g' | kubectl apply -f -
 
-bin/install_rolebindings.sh
+kubectl apply -f bin/rolebindings.yaml
 bin/install_databases.sh
 bin/install.sh -f RECIPE_EXAMPLE/example_recipe_latest_stable.yaml
diff --git a/bin/rolebindings.yaml b/bin/rolebindings.yaml
new file mode 100644
index 0000000..dca2a27
--- /dev/null
+++ b/bin/rolebindings.yaml
@@ -0,0 +1,56 @@
+# ==================================================================================
+#
+#       Copyright (c) 2025 Kyunghee University, Mobile Communication Lab. All Rights Reserved.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#          http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+# ==================================================================================
+
+# For reading secrets in Kubeflow-Pipeline and SDK
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: secret_reader
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secret_pipeline_runner_rb
+  namespace: traininghost
+subjects:
+- kind: ServiceAccount
+  name: pipeline-runner
+  namespace: kubeflow
+roleRef:
+  kind: ClusterRole
+  name: secret_reader
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: traininghost_default_secret_rb
+  namespace: kubeflow
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: traininghost
+roleRef:
+  kind: ClusterRole
+  name: secret_reader
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/bin/uninstall_rolebindings.sh b/bin/uninstall_rolebindings.sh
deleted file mode 100755
index f0829fa..0000000
--- a/bin/uninstall_rolebindings.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-# ==================================================================================
-#
-#       Copyright (c) 2022 Samsung Electronics Co., Ltd. All Rights Reserved.
-#
-#   Licensed under the Apache License, Version 2.0 (the "License");
-#   you may not use this file except in compliance with the License.
-#   You may obtain a copy of the License at
-#
-#          http://www.apache.org/licenses/LICENSE-2.0
-#
-#   Unless required by applicable law or agreed to in writing, software
-#   distributed under the License is distributed on an "AS IS" BASIS,
-#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#   See the License for the specific language governing permissions and
-#   limitations under the License.
-#
-# ==================================================================================
-
-# For removing secrets in Kubeflow-Pipeline and SDK
-
-kubectl delete rolebinding traininghost_default_secret_rb -n kubeflow
-kubectl delete  rolebinding secret_pipline_runner_rb -n traininghost
-kubectl delete clusterrole secret_reader
diff --git a/bin/uninstall_traininghost.sh b/bin/uninstall_traininghost.sh
index 5471605..3268dac 100755
--- a/bin/uninstall_traininghost.sh
+++ b/bin/uninstall_traininghost.sh
@@ -23,7 +23,7 @@ sudo helm plugin uninstall servecm
 
 tools/kubeflow/bin/uninstall_kubeflow.sh
 tools/leofs/bin/uninstall_leofs.sh
-bin/uninstall_rolebindings.sh
+kubectl delete -f bin/rolebindings.yaml
 kubectl delete namespace traininghost
 
 tools/nfs/delete_nfs_subdir_external_provisioner.sh
-- 
2.16.6