From 89c21f3ab47bf646d46ece3443af0adc88fb59cf Mon Sep 17 00:00:00 2001 From: Victor Date: Wed, 25 May 2022 12:30:51 +0200 Subject: [PATCH] agola: add rbac --- .../apps/gitops/agola/kustomization.yaml | 1 + flux/cluster/apps/gitops/agola/rbac.yaml | 59 +++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 flux/cluster/apps/gitops/agola/rbac.yaml diff --git a/flux/cluster/apps/gitops/agola/kustomization.yaml b/flux/cluster/apps/gitops/agola/kustomization.yaml index c696da4..fd47e5f 100644 --- a/flux/cluster/apps/gitops/agola/kustomization.yaml +++ b/flux/cluster/apps/gitops/agola/kustomization.yaml @@ -5,4 +5,5 @@ resources: - deployment.yaml - external-secret.yaml - ingress.yaml + - rbac.yaml - services.yaml diff --git a/flux/cluster/apps/gitops/agola/rbac.yaml b/flux/cluster/apps/gitops/agola/rbac.yaml new file mode 100644 index 0000000..9f8ec3c --- /dev/null +++ b/flux/cluster/apps/gitops/agola/rbac.yaml @@ -0,0 +1,59 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: agola + namespace: gitops +rules: +- apiGroups: + - "" + resources: + - nodes + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: agola + namespace: gitops +rules: +- apiGroups: + - "" + - "coordination.k8s.io" + resources: + - nodes + - pods + - pods/exec + - configmaps + - leases + - secrets + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + name: agola + namespace: gitops +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: agola +subjects: +- kind: ServiceAccount + name: default + namespace: gitops +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: agola + namespace: gitops +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: agola +subjects: +- kind: ServiceAccount + name: default + namespace: gitops