Skip to content

Commit 32b578e

Browse files
felix-seifertfelix-seifert
authored
chore: create K8s service account to apply changes (#52)
1 parent 9372354 commit 32b578e

File tree

3 files changed

+87
-0
lines changed

3 files changed

+87
-0
lines changed

kubernetes/docs/namespace.yaml

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,3 +2,18 @@ apiVersion: v1
22
kind: Namespace
33
metadata:
44
name: docs-ns
5+
---
6+
# RoleBinding for CI service account
7+
apiVersion: rbac.authorization.k8s.io/v1
8+
kind: RoleBinding
9+
metadata:
10+
name: svc-gha-kubectl-apply-rolebinding
11+
namespace: docs-ns
12+
subjects:
13+
- kind: ServiceAccount
14+
name: svc-gha-kubectl-apply
15+
namespace: service-account-ns
16+
roleRef:
17+
kind: ClusterRole
18+
name: svc-gha-kubectl-apply-clusterrole
19+
apiGroup: rbac.authorization.k8s.io

kubernetes/service_accounts/namespace.yaml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
apiVersion: v1
2+
kind: Namespace
3+
metadata:
4+
name: service-account-ns
5+
---
6+
# RoleBinding for CI service account
7+
apiVersion: rbac.authorization.k8s.io/v1
8+
kind: RoleBinding
9+
metadata:
10+
name: svc-gha-kubectl-apply-rolebinding
11+
namespace: service-account-ns
12+
subjects:
13+
- kind: ServiceAccount
14+
name: svc-gha-kubectl-apply
15+
namespace: service-account-ns
16+
roleRef:
17+
kind: ClusterRole
18+
name: svc-gha-kubectl-apply-clusterrole
19+
apiGroup: rbac.authorization.k8s.io

kubernetes/service_accounts/svc-gha-kubectl-apply.yaml

Lines changed: 53 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,53 @@
1+
apiVersion: v1
2+
kind: ServiceAccount
3+
metadata:
4+
name: svc-gha-kubectl-apply
5+
namespace: service-account-ns
6+
---
7+
apiVersion: v1
8+
kind: Secret
9+
type: kubernetes.io/service-account-token
10+
metadata:
11+
name: svc-gha-kubectl-apply-token
12+
namespace: service-account-ns
13+
annotations:
14+
kubernetes.io/service-account.name: "svc-gha-kubectl-apply"
15+
---
16+
apiVersion: rbac.authorization.k8s.io/v1
17+
kind: ClusterRole
18+
metadata:
19+
name: svc-gha-kubectl-apply-clusterrole
20+
rules:
21+
- apiGroups: [""]
22+
resources:
23+
- services
24+
- namespaces
25+
verbs:
26+
- get
27+
- list
28+
- watch
29+
- create
30+
- update
31+
- patch
32+
33+
- apiGroups: ["apps"]
34+
resources:
35+
- deployments
36+
verbs:
37+
- get
38+
- list
39+
- watch
40+
- create
41+
- update
42+
- patch
43+
44+
- apiGroups: ["rbac.authorization.k8s.io"]
45+
resources:
46+
- rolebindings
47+
verbs:
48+
- get
49+
- list
50+
- watch
51+
- create
52+
- update
53+
- patch

0 commit comments

Comments
 (0)