Verified Commit ab49b1d7 authored by Sebastian Schüpbach's avatar Sebastian Schüpbach

define role, rolebinding and serviceaccount in one template

parent 8b95cc71
Pipeline #31887 passed with stages
in 2 minutes and 20 seconds
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-role-binding"
namespace: "{{ .Values.k8sNamespace }}"
subjects:
- kind: ServiceAccount
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-service-account"
namespace: "{{ .Values.k8sNamespace }}"
roleRef:
kind: Role
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-role"
apiGroup: rbac.authorization.k8s.io
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-role"
namespace: "{{ .Values.k8sNamespace }}"
rules:
- apiGroups: ["", "apps", "networking.k8s.io", "rbac.authorization.k8s.io"] # "" indicates the core API group
resources: ["deployments", "pods", "ingresses", "serviceaccounts", "roles", "rolebindings", "services", "secrets", "configmaps", "jobs"]
verbs: ["apply", "get", "list", "create", "watch", "create", "update", "patch", "delete", "bind"]
......@@ -2,3 +2,27 @@ apiVersion: v1
kind: ServiceAccount
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-service-account"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-role"
namespace: "{{ .Values.k8sNamespace }}"
rules:
- apiGroups: ["", "apps", "networking.k8s.io", "rbac.authorization.k8s.io"] # "" indicates the core API group
resources: ["deployments", "pods", "ingresses", "serviceaccounts", "roles", "rolebindings", "services", "secrets", "configmaps", "jobs"]
verbs: ["apply", "get", "list", "create", "watch", "create", "update", "patch", "delete", "bind"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-role-binding"
namespace: "{{ .Values.k8sNamespace }}"
subjects:
- kind: ServiceAccount
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-service-account"
namespace: "{{ .Values.k8sNamespace }}"
roleRef:
kind: Role
name: "{{ .Values.k8sGroupId }}-{{ .Values.k8sName }}-{{ .Values.k8sEnvironment }}-role"
apiGroup: rbac.authorization.k8s.io
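Review bot: The Role's single rule is a cross product, so every verb applies to every listed resource in all four API groups; that gives the service account write access to `secrets` plus `create`/`update`/`patch`/`bind` on `roles` and `rolebindings`, which lets it bind any Role in the namespace to any subject. `jobs` belongs to the `batch` API group, which is not listed, so that entry grants nothing; `apply` is not an RBAC verb and `create` is listed twice. Splitting the rule per API group, as sketched below, makes each grant visible and lets `bind` and the `secrets` access be trimmed to what the deployment actually needs. Separately, the ServiceAccount document has no `metadata.namespace` while the RoleBinding subject names `{{ .Values.k8sNamespace }}`, so the binding presumably matches nothing when the release is installed into a different namespace.

```yaml
rules:
  - apiGroups: [""]  # "" indicates the core API group
    resources: ["pods", "services", "serviceaccounts", "secrets", "configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["networking.k8s.io"]
    resources: ["ingresses"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - apiGroups: ["batch"]
    resources: ["jobs"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  # Keep "bind" only if this account must create bindings to roles it does not hold itself.
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["roles", "rolebindings"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete", "bind"]
```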