feature expansion

cetic · Feb 22, 2022 · 8e47d6b · 8e47d6b
1 parent 3d1d4f8
commit 8e47d6b
Show file tree

Hide file tree

Showing 3 changed files with 46 additions and 0 deletions.
diff --git a/config.conf b/config.conf
diff --git a/templates/rbac.yaml b/templates/rbac.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "serviceaccount" .}}
+  namespace: {{ .Release.Namespace }}
+imagePullSecrets:
+- docker-credentials
+---
+apiVersion: v1
+kind: List
+items:
+  #define the rights
+  - apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRole
+    metadata:
+      name: {{ .Release.Name }}-cr-{{ .Release.Namespace }}
+    rules:
+      - apiGroups:
+          - "apps"
+        resources:
+          - deployments
+          - statefulsets
+        verbs:
+          - get
+          - list
+  #link the ClusterRole to the namespace
+  - apiVersion: rbac.authorization.k8s.io/v1
+    kind: ClusterRoleBinding
+    metadata:
+      name: {{ .Release.Name }}-crb-{{ .Release.Namespace }}
+    subjects:
+      - kind: ServiceAccount
+        name: {{ include "serviceaccount" .}}
+        namespace: {{ .Release.Namespace }}
+    roleRef:
+      kind: ClusterRole
+      name: {{ .Release.Name }}-cr-{{ .Release.Namespace }}
+      apiGroup: rbac.authorization.k8s.io
diff --git a/templates/secret-docker.yaml b/templates/secret-docker.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: docker-credentials
+  namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "docker_credentials_tpl" . }}