From 791d52022d42890065ffc5f3975bc44fe3d242dc Mon Sep 17 00:00:00 2001 From: shreddedbacon Date: Thu, 7 Dec 2023 10:58:02 +1100 Subject: [PATCH] chore: add clusterroles for tasks and builds to admin and edit --- charts/lagoon-build-deploy/Chart.yaml | 4 +-- .../templates/clusterrolebinding.yaml | 28 +++++++++++++++++++ 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index b639ef5e..4ce5c160 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.23.0-0" type: application -version: 0.26.2 +version: 0.26.3 appVersion: v0.15.4 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller to v0.15.4 + description: added clusterroles for tasks and builds diff --git a/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml b/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml index 5684f5a5..a07e45b2 100644 --- a/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml +++ b/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml @@ -12,3 +12,31 @@ roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "lagoon-build-deploy.fullname" . }}-builds + labels: + {{- include "lagoon-build-deploy.labels" . | nindent 4 }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["crd.lagoon.sh"] + resources: ["lagoonbuilds"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "lagoon-build-deploy.fullname" . }}-tasks + labels: + {{- include "lagoon-build-deploy.labels" . | nindent 4 }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["crd.lagoon.sh"] + resources: ["lagoontasks"] + verbs: ["*"]