diff options
| author | Alex <alex@adnab.me> | 2022-10-02 16:40:54 +0200 |
|---|---|---|
| committer | Alex <alex@adnab.me> | 2022-10-02 16:40:54 +0200 |
| commit | e21b672c96da3c6d01a5ef964aa0ad7a38f8e74c (patch) | |
| tree | 3c81b18ce35f168f7fe2b625340d484cf5037a9f /script/helm/garage/templates/clusterrole.yaml | |
| parent | b17d59cfabbe92c509f4888cae83f6053a8cab1e (diff) | |
| parent | db0c8b3980c5cb056c9402332dd09a1bfb276997 (diff) | |
| download | garage-e21b672c96da3c6d01a5ef964aa0ad7a38f8e74c.tar.gz garage-e21b672c96da3c6d01a5ef964aa0ad7a38f8e74c.zip | |
Merge pull request 'Add helm chart' (#331) from chemicstry/garage:helm_chart into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/331
Reviewed-by: maximilien <me@mricher.fr>
Diffstat (limited to 'script/helm/garage/templates/clusterrole.yaml')
| -rw-r--r-- | script/helm/garage/templates/clusterrole.yaml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/script/helm/garage/templates/clusterrole.yaml b/script/helm/garage/templates/clusterrole.yaml new file mode 100644 index 00000000..fa3e6405 --- /dev/null +++ b/script/helm/garage/templates/clusterrole.yaml @@ -0,0 +1,28 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: manage-crds-{{ .Release.Namespace }}-{{ .Release.Name }} + labels: + {{- include "garage.labels" . | nindent 4 }} +rules: +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch", "create", "patch"] +- apiGroups: ["deuxfleurs.fr"] + resources: ["garagenodes"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: allow-crds-for-{{ .Release.Namespace }}-{{ .Release.Name }} + labels: + {{- include "garage.labels" . | nindent 4 }} +subjects: +- kind: ServiceAccount + name: {{ include "garage.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: manage-crds-{{ .Release.Namespace }}-{{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io
\ No newline at end of file |