Add service account, role and rolebinding for server deployment
This commit is contained in:
Liviu Costea
parent
9c0f787c27
commit
046f25ede2
3 changed files with 78 additions and 0 deletions
46
charts/argo-cd/templates/argocd-server-role.yaml
Executable file
46
charts/argo-cd/templates/argocd-server-role.yaml
Executable file
|
|
@ -0,0 +1,46 @@
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: {{ include "argo-cd.fullname" . }}-server
|
||||||
|
labels:
|
||||||
|
app: {{ include "argo-cd.name" . }}-server
|
||||||
|
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
|
||||||
|
helm.sh/chart: {{ include "argo-cd.chart" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
|
||||||
|
app.kubernetes.io/component: server
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
- configmaps
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- update
|
||||||
|
- patch
|
||||||
|
- delete
|
||||||
|
- apiGroups:
|
||||||
|
- argoproj.io
|
||||||
|
resources:
|
||||||
|
- applications
|
||||||
|
- appprojects
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- update
|
||||||
|
- delete
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- events
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- list
|
||||||
20
charts/argo-cd/templates/argocd-server-rolebinding.yaml
Executable file
20
charts/argo-cd/templates/argocd-server-rolebinding.yaml
Executable file
|
|
@ -0,0 +1,20 @@
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ include "argo-cd.fullname" . }}-server
|
||||||
|
labels:
|
||||||
|
app: {{ include "argo-cd.name" . }}-server
|
||||||
|
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
|
||||||
|
helm.sh/chart: {{ include "argo-cd.chart" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
|
||||||
|
app.kubernetes.io/component: server
|
||||||
|
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: {{ include "argo-cd.fullname" . }}-server
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ include "argo-cd.fullname" . }}-server
|
||||||
12
charts/argo-cd/templates/argocd-server-sa.yaml
Executable file
12
charts/argo-cd/templates/argocd-server-sa.yaml
Executable file
|
|
@ -0,0 +1,12 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ include "argo-cd.fullname" . }}-server
|
||||||
|
labels:
|
||||||
|
app: {{ include "argo-cd.name" . }}-server
|
||||||
|
app.kubernetes.io/name: {{ include "argo-cd.name" . }}-server
|
||||||
|
helm.sh/chart: {{ include "argo-cd.chart" . }}
|
||||||
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
app.kubernetes.io/part-of: {{ include "argo-cd.name" . }}
|
||||||
|
app.kubernetes.io/component: server
|
||||||
Loading…
Reference in a new issue