From 8e47d6b6dbfb7890195ea098ff8341a1cbec28f9 Mon Sep 17 00:00:00 2001
From: tde
Date: Tue, 22 Feb 2022 14:40:29 +0100
Subject: [PATCH] feature expansion
---
config.conf | 0
templates/rbac.yaml | 38 ++++++++++++++++++++++++++++++++++++
templates/secret-docker.yaml | 8 ++++++++
3 files changed, 46 insertions(+)
create mode 100644 config.conf
create mode 100644 templates/rbac.yaml
create mode 100644 templates/secret-docker.yaml
diff --git a/config.conf b/config.conf
new file mode 100644
index 0000000..e69de29
diff --git a/templates/rbac.yaml b/templates/rbac.yaml
new file mode 100644
index 0000000..a8e0c4d
--- /dev/null
+++ b/templates/rbac.yaml
@@ -0,0 +1,38 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "serviceaccount" .}}
+ namespace: {{ .Release.Namespace }}
+imagePullSecrets:
+- docker-credentials
+---
+apiVersion: v1
+kind: List
+items:
+ #define the rights
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: {{ .Release.Name }}-cr-{{ .Release.Namespace }}
+ rules:
+ - apiGroups:
+ - "apps"
+ resources:
+ - deployments
+ - statefulsets
+ verbs:
+ - get
+ - list
+ #link the ClusterRole to the namespace
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: {{ .Release.Name }}-crb-{{ .Release.Namespace }}
+ subjects:
+ - kind: ServiceAccount
+ name: {{ include "serviceaccount" .}}
+ namespace: {{ .Release.Namespace }}
+ roleRef:
+ kind: ClusterRole
+ name: {{ .Release.Name }}-cr-{{ .Release.Namespace }}
+ apiGroup: rbac.authorization.k8s.io
diff --git a/templates/secret-docker.yaml b/templates/secret-docker.yaml
new file mode 100644
index 0000000..cdb73fa
--- /dev/null
+++ b/templates/secret-docker.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: docker-credentials
+ namespace: {{ .Release.Namespace }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "docker_credentials_tpl" . }}
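Review bot: The `ClusterRoleBinding` that closes templates/rbac.yaml gives the service account `get`/`list` on deployments and statefulsets in every namespace, although the comment above it says the role is being linked "to the namespace". If the workload only needs to read its own release namespace, change the binding to `kind: RoleBinding` and add `namespace: {{ .Release.Namespace }}` under its `metadata`; a RoleBinding may still point at the ClusterRole through the existing `roleRef`. Separately, entries of a ServiceAccount's `imagePullSecrets` are object references, so the item near the top should read `- name: docker-credentials` rather than the bare string, otherwise the pull secret is not attached as written.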
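Review bot: The `.dockerconfigjson` value in templates/secret-docker.yaml sits under `data`, which requires base64, and it is emitted with the `template` action, whose output cannot be piped or quoted. The `docker_credentials_tpl` helper is defined outside this patch, so it is not visible whether it already encodes. If it does not, use `.dockerconfigjson: {{ include "docker_credentials_tpl" . | b64enc | quote }}`, and if it does, keep the `include ... | quote` form so an empty or oddly-typed rendering fails visibly. The Secret name is the fixed string `docker-credentials`, so two releases of this chart in one namespace would collide on it; consider deriving it from `.Release.Name` and referencing the same name from the ServiceAccount. If the helper builds the credentials from chart values (presumably), note that they will also be stored in the Helm release record and in any values file kept in version control.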