From 7f514dd6881a854c24688de6aaa7de7876ee0119 Mon Sep 17 00:00:00 2001
From: Francisc Munteanu
Date: Thu, 7 Mar 2024 11:04:28 +0100
Subject: [PATCH] Create templates with member ToolchainCluster-related manifests (#537)
* add member sa resources
---------
Co-authored-by: Matous Jobanek
Co-authored-by: Alexey Kazakov
---
deploy/toolchaincluster/member-sa.yaml | 108 +++++++++++++++++++++++++
1 file changed, 108 insertions(+)
create mode 100644 deploy/toolchaincluster/member-sa.yaml
diff --git a/deploy/toolchaincluster/member-sa.yaml b/deploy/toolchaincluster/member-sa.yaml
new file mode 100644
index 00000000..46b09d36
--- /dev/null
+++ b/deploy/toolchaincluster/member-sa.yaml
@@ -0,0 +1,108 @@
+---
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: toolchaincluster-member
+ namespace: {{.Namespace}}
+rules:
+- apiGroups:
+ - toolchain.dev.openshift.com
+ resources:
+ - "*"
+ verbs:
+ - "*"
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: toolchaincluster-{{.Namespace}}
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - users
+ - groups
+ verbs:
+ - impersonate
+- apiGroups:
+ - toolchain.dev.openshift.com
+ resources:
+ - "spacerequests"
+ verbs:
+ - "*"
+- apiGroups:
+ - toolchain.dev.openshift.com
+ resources:
+ - spacerequests/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - toolchain.dev.openshift.com
+ resources:
+ - spacerequests/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - route.openshift.io
+ resources:
+ - routes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - "namespaces"
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+- apiGroups:
+ - ""
+ resources:
+ - "secrets"
+ - "serviceaccounts/token"
+ verbs:
+ - "*"
+- apiGroups:
+ - toolchain.dev.openshift.com
+ resources:
+ - "spacebindingrequests"
+ verbs:
+ - "*"
+- apiGroups:
+ - toolchain.dev.openshift.com
+ resources:
+ - spacebindingrequests/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - toolchain.dev.openshift.com
+ resources:
+ - spacebindingrequests/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: toolchaincluster-{{.Namespace}}
+subjects:
+- kind: ServiceAccount
+ name: toolchaincluster-member
+ namespace: {{.Namespace}}
+roleRef:
+ kind: ClusterRole
+ name: toolchaincluster-{{.Namespace}}
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
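Review bot: The ClusterRole `toolchaincluster-{{.Namespace}}` is bound through a ClusterRoleBinding and combines `impersonate` on all `users` and `groups` with `"*"` on `secrets` and `serviceaccounts/token`, so the `toolchaincluster-member` ServiceAccount token is effectively a cluster-admin-equivalent credential on the member cluster. If the design allows it, limit what can be impersonated (for example with `resourceNames` where the set is known) and replace the secrets wildcard with the explicit verbs the controllers actually use; `serviceaccounts/token` only needs `verbs: ["create"]`. If the breadth is intentional, document it above those two rules with a comment such as `# cluster-wide secret access and impersonation: treat this SA token as cluster-admin-equivalent`. The file also defines the Role `toolchaincluster-member` without a RoleBinding or a ServiceAccount object, so presumably those are created elsewhere; worth confirming so the Role is not left unbound.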