2020-10-06 00:28:19 +00:00
|
|
|
#! Copyright 2020 the Pinniped contributors. All Rights Reserved.
|
|
|
|
#! SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
|
|
|
#@ load("@ytt:data", "data")
|
|
|
|
|
|
|
|
#! Give permission to various objects within the app's own namespace
|
|
|
|
---
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
kind: Role
|
|
|
|
metadata:
|
|
|
|
name: #@ data.values.app_name
|
|
|
|
namespace: #@ data.values.namespace
|
|
|
|
labels:
|
|
|
|
app: #@ data.values.app_name
|
|
|
|
rules:
|
2020-10-14 13:47:34 +00:00
|
|
|
- apiGroups: [""]
|
|
|
|
resources: [secrets]
|
|
|
|
verbs: [create, get, list, patch, update, watch, delete]
|
2020-10-07 14:53:05 +00:00
|
|
|
- apiGroups: [config.pinniped.dev]
|
|
|
|
resources: [oidcproviderconfigs]
|
2020-10-08 17:27:45 +00:00
|
|
|
verbs: [update, get, list, watch]
|
2020-10-06 00:28:19 +00:00
|
|
|
---
|
|
|
|
kind: RoleBinding
|
|
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
|
|
metadata:
|
|
|
|
name: #@ data.values.app_name
|
|
|
|
namespace: #@ data.values.namespace
|
|
|
|
labels:
|
|
|
|
app: #@ data.values.app_name
|
|
|
|
subjects:
|
|
|
|
- kind: ServiceAccount
|
|
|
|
name: #@ data.values.app_name
|
|
|
|
namespace: #@ data.values.namespace
|
|
|
|
roleRef:
|
|
|
|
kind: Role
|
|
|
|
name: #@ data.values.app_name
|
|
|
|
apiGroup: rbac.authorization.k8s.io
|