diff options
author | Patrick Spek <p.spek@tyil.nl> | 2023-08-27 13:24:12 +0200 |
---|---|---|
committer | Patrick Spek <p.spek@tyil.nl> | 2023-08-27 13:24:12 +0200 |
commit | c16c2be5f767d34d428d5626c66fc0684150db37 (patch) | |
tree | 34f88a62a098c7f3deee642023fce460a0b37cf3 /data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml | |
parent | e07b17b7a783b471d952651ed4c3d1817ec92493 (diff) |
Enable persistence for workflows
Diffstat (limited to 'data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml')
-rw-r--r-- | data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml new file mode 100644 index 0000000..e3b48c6 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml @@ -0,0 +1,100 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-runner + namespace: cicd-system +automountServiceAccountToken: true +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-runner + namespace: cicd-system +rules: +- apiGroups: + - "" + resources: + - secrets + - persistentvolumeclaims + - pods + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - get + - list +- apiGroups: + - argoproj.io + resources: + - eventbus + - eventsources + - sensors + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - create + - update + - patch + - watch +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-runner + namespace: cicd-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-runner +subjects: +- kind: ServiceAccount + name: argo-runner + namespace: cicd-system +... |