diff options
Diffstat (limited to 'data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml')
| -rw-r--r-- | data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml new file mode 100644 index 0000000..e3b48c6 --- /dev/null +++ b/data.d/k3s-master/manifests.d/tyilnet/cicd-system/rbac.yaml @@ -0,0 +1,100 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: argo-runner + namespace: cicd-system +automountServiceAccountToken: true +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: argo-runner + namespace: cicd-system +rules: +- apiGroups: + - "" + resources: + - secrets + - persistentvolumeclaims + - pods + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - list + - create + - update + - delete + - patch + - watch +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + verbs: + - get + - list +- apiGroups: + - argoproj.io + resources: + - eventbus + - eventsources + - sensors + verbs: + - get + - list + - watch +- apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - get + - list + - create + - update + - patch + - watch +... +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: argo-runner + namespace: cicd-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: argo-runner +subjects: +- kind: ServiceAccount + name: argo-runner + namespace: cicd-system +... |