183854482b
This patchset copies the development-pipeline and standard-container into the sample network mongodb directory to begin testing the pipeline and standard-container in a namespace created by jarvis-system. Change-Id: I8448a122e8da218752ea57b15fb2983881e90ec9
30 lines
953 B
YAML
30 lines
953 B
YAML
{{- if $.Values.role.create }}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: {{ $.Values.role.name }}
|
|
namespace: {{ $.Release.Namespace }}
|
|
rules:
|
|
# EventListeners need to be able to fetch all namespaced resources
|
|
- apiGroups: ["triggers.tekton.dev"]
|
|
resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["get", "list", "watch"]
|
|
# Permissions to create resources in associated TriggerTemplates
|
|
- apiGroups: [""]
|
|
resources: ["serviceaccounts"]
|
|
verbs: ["impersonate", "get"]
|
|
# Permissions to execute helm dry-run
|
|
- apiGroups: [""]
|
|
resources: ["secrets", "services"]
|
|
verbs: ["get"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["deployments"]
|
|
verbs: ["get"]
|
|
- apiGroups: ["rbac.authorization.k8s.io"]
|
|
resources: ["roles", "rolebindings"]
|
|
verbs: ["get"]
|
|
{{- end }}
|