2565f67824
- For now, build the test-webhook binary in the same container image as the pinniped-server binary, to make it easier to distribute - Also fix lots of bugs from the first draft of the test-webhook's `/authenticate` implementation from the previous commit - Add a detailed README for the new deploy-test-webhook directory
31 lines
780 B
YAML
31 lines
780 B
YAML
#! Copyright 2020 VMware, Inc.
|
|
#! SPDX-License-Identifier: Apache-2.0
|
|
|
|
#@ load("@ytt:data", "data")
|
|
|
|
#! Give permission to various objects within the app's own namespace
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: test-webhook-aggregated-api-server-role
|
|
namespace: test-webhook
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: [secrets]
|
|
verbs: [create, get, list, patch, update, watch]
|
|
---
|
|
kind: RoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: test-webhook-aggregated-api-server-role-binding
|
|
namespace: test-webhook
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: test-webhook-service-account
|
|
namespace: test-webhook
|
|
roleRef:
|
|
kind: Role
|
|
name: test-webhook-aggregated-api-server-role
|
|
apiGroup: rbac.authorization.k8s.io
|