all repos — infra @ a14f6c932906e5b9007c071a4b07ed9edc32a023

infrastructure manifests and setup notes

apps/garage/rbac.yaml (view raw)

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: garage
  labels:
    helm.sh/chart: garage-0.5.0
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
    app.kubernetes.io/version: "v1.0.0"
    app.kubernetes.io/managed-by: Helm
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: manage-crds-default-garage
  labels:
    helm.sh/chart: garage-0.5.0
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
    app.kubernetes.io/version: "v1.0.0"
    app.kubernetes.io/managed-by: Helm
rules:
- apiGroups: ["apiextensions.k8s.io"]
  resources: ["customresourcedefinitions"]
  verbs: ["get", "list", "watch", "create", "patch"]
- apiGroups: ["deuxfleurs.fr"]
  resources: ["garagenodes"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: allow-crds-for-default-garage
  labels:
    helm.sh/chart: garage-0.5.0
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
    app.kubernetes.io/version: "v1.0.0"
    app.kubernetes.io/managed-by: Helm
subjects:
- kind: ServiceAccount
  name: garage
  namespace: default
roleRef:
  kind: ClusterRole
  name: manage-crds-default-garage
  apiGroup: rbac.authorization.k8s.io