rancher-charts/charts/fleet/104.1.0+up0.10.4/templates/rbac_gitjob.yaml


{{- if .Values.gitops.enabled }}
# ClusterRole for the gitjob controller. The ClusterRoleBinding later in this
# file binds it to the `gitjob` ServiceAccount cluster-wide, so every rule
# below applies in all namespaces, not only the release namespace.
#
# Security review notes:
#   - `secrets` and `configmaps` carry the wildcard verb, so a compromise of
#     the gitjob ServiceAccount token exposes every Secret in the cluster for
#     read and write.
#   - `escalate` and `bind` on `roles`, together with `create` on
#     `rolebindings`, let the subject create a Role holding permissions it
#     does not have itself and bind it to any subject, in any namespace.
#     RBAC's built-in privilege-escalation check does not apply to it.
#   - Treat the gitjob pod and its token as highly privileged: restrict who
#     can exec into or schedule pods in the release namespace, and alert in
#     the API audit log on Secret reads and Role/RoleBinding writes made by
#     this ServiceAccount.
#   - Effective permissions can be inspected with
#     `kubectl auth can-i --list --as=system:serviceaccount:<NAMESPACE>:gitjob`
#     (<NAMESPACE> is a placeholder for the release namespace).
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: gitjob
rules:
  # Jobs: full control.
  - apiGroups:
      - batch
    resources:
      - jobs
    verbs:
      - '*'
  # Pods: read-only.
  - apiGroups:
      - ''
    resources:
      - pods
    verbs:
      - list
      - get
      - watch
  # Secrets: wildcard verb in every namespace (see review notes above).
  # NOTE(review): the verbs the controller really needs are not visible
  # here; confirm whether this can be narrowed to an explicit list.
  - apiGroups:
      - ''
    resources:
      - secrets
    verbs:
      - '*'
  # ConfigMaps: wildcard verb in every namespace.
  - apiGroups:
      - ''
    resources:
      - configmaps
    verbs:
      - '*'
  # Fleet GitRepo objects and their status subresource: full control.
  - apiGroups:
      - fleet.cattle.io
    resources:
      - gitrepos
      - gitrepos/status
    verbs:
      - '*'
  # GitRepoRestrictions: read-only.
  - apiGroups:
      - fleet.cattle.io
    resources:
      - gitreporestrictions
    verbs:
      - list
      - get
      - watch
  # Other Fleet resources: read, update and delete, but no create.
  - apiGroups:
      - fleet.cattle.io
    resources:
      - bundles
      - bundledeployments
      - imagescans
      - contents
    verbs:
      - list
      - delete
      - get
      - watch
      - update
  # Events: wildcard verb.
  - apiGroups:
      - ''
    resources:
      - events
    verbs:
      - '*'
  # ServiceAccounts: create only.
  - apiGroups:
      - ''
    resources:
      - serviceaccounts
    verbs:
      - create
  # Namespaces: create and delete. Deleting a namespace removes everything
  # inside it, so this verb is destructive cluster-wide.
  - apiGroups:
      - ''
    resources:
      - namespaces
    verbs:
      - create
      - delete
  # Roles: `escalate` and `bind` bypass the RBAC escalation check (see the
  # review notes above).
  # NOTE(review): presumably required so the controller can provision
  # per-repository Roles; confirm against the controller code.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - roles
    verbs:
      - escalate
      - create
      - bind
  # RoleBindings: create only.
  - apiGroups:
      - rbac.authorization.k8s.io
    resources:
      - rolebindings
    verbs:
      - create
---
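# Binds the `gitjob` ClusterRole to the `gitjob` ServiceAccount in the release
# namespace. Because this is a ClusterRoleBinding, the role's rules are granted
# in every namespace; anyone who can obtain this ServiceAccount's token
# inherits them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gitjob-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gitjob
subjects:
  - kind: ServiceAccount
    name: gitjob
    # Passed through `quote` so a release namespace made only of digits, or
    # one that spells a YAML boolean or null, still renders as a string and
    # the binding keeps pointing at the intended ServiceAccount.
    namespace: {{ .Release.Namespace | quote }}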
---
# Namespaced Role for the gitjob controller. No metadata.namespace is set, so
# the object is created in whichever namespace the release is installed into.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitjob
rules:
  # Leases: wildcard verb, limited to this Role's namespace.
  # NOTE(review): presumably used for leader election; confirm.
  - apiGroups:
      - coordination.k8s.io
    resources:
      - leases
    verbs:
      - '*'
---
# Grants the namespaced `gitjob` Role to the `gitjob` ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitjob
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitjob
subjects:
  # The subject carries no namespace; for a RoleBinding the ServiceAccount is
  # then looked up in the binding's own namespace.
  - kind: ServiceAccount
    name: gitjob
{{- end }}