djpbessems/ContainerImage.Pinniped
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
76bd462cf8
ContainerImage.Pinniped/deploy-supervisor/rbac.yaml

35 lines
856 B
YAML
Raw Normal View History

Implement very rough skeleton of the start of a supervisor server - This is just stab at a starting place because it felt easier to put something down on paper than to keep staring at a blank page
2020-10-06 00:28:19 +00:00
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
#! SPDX-License-Identifier: Apache-2.0
#@ load("@ytt:data", "data")
#! Give permission to various objects within the app's own namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: #@ data.values.app_name
namespace: #@ data.values.namespace
labels:
app: #@ data.values.app_name
rules:
- apiGroups: [""]
resources: [configmaps]
verbs: [get, list, watch]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: #@ data.values.app_name
namespace: #@ data.values.namespace
labels:
app: #@ data.values.app_name
subjects:
- kind: ServiceAccount
name: #@ data.values.app_name
namespace: #@ data.values.namespace
roleRef:
kind: Role
name: #@ data.values.app_name
apiGroup: rbac.authorization.k8s.io
Reference in New Issue Copy Permalink