From f84a6ea3123ff803473e56657aeec179648a7724 Mon Sep 17 00:00:00 2001
From: Joel Wetzell
Date: Sun, 26 Oct 2025 16:31:06 -0500
Subject: [PATCH] add cluster role for editing stages
---
 stage-maker/cluster-role.yaml | 36 ++++++++++++++++++++++++++++++++
 stage-maker/kustomization.yaml | 4 +++-
 stage-maker/pod.yaml | 1 +
 stage-maker/service-account.yaml | 5 +++++
 4 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 stage-maker/cluster-role.yaml
 create mode 100644 stage-maker/service-account.yaml
diff --git a/stage-maker/cluster-role.yaml b/stage-maker/cluster-role.yaml
new file mode 100644
index 0000000..9f3fef8
--- /dev/null
+++ b/stage-maker/cluster-role.yaml
@@ -0,0 +1,36 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: stage-editor-role
+rules:
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ontime.getontime.no
+ resources:
+ - stages/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: edit-stages-clusterrolebinding
+subjects:
+- kind: ServiceAccount
+ name: stage-editor
+ namespace: stage-maker
+roleRef:
+ kind: ClusterRole
+ name: stage-editor-role
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/stage-maker/kustomization.yaml b/stage-maker/kustomization.yaml
index 89fc68d..d77e21b 100644
--- a/stage-maker/kustomization.yaml
+++ b/stage-maker/kustomization.yaml
@@ -1,3 +1,5 @@
 resources:
 - namespace.yaml
- - pod.yaml
\ No newline at end of file
+ - pod.yaml
+ - cluster-role.yaml
+ - service-account.yaml
diff --git a/stage-maker/pod.yaml b/stage-maker/pod.yaml
index 341a9b1..2def5d5 100644
--- a/stage-maker/pod.yaml
+++ b/stage-maker/pod.yaml
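Review bot: In stage-maker/cluster-role.yaml the `ClusterRoleBinding` gives the `stage-editor` service account create, delete, patch and update on `stages` in every namespace of the cluster. The CRD's scope is not visible in this patch; if `stages` is a namespaced resource and stage-maker only manages stages in known namespaces, a `RoleBinding` per target namespace that still references `stage-editor-role` (`kind: RoleBinding` with `metadata.namespace: <target-namespace>`) would limit what a leaked pod token can change. If cluster-wide access is intended, a comment above the binding such as `# cluster-wide on purpose: stage-maker manages stages in all namespaces` would record that decision for later reviewers.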
@@ -4,6 +4,7 @@ metadata:
 name: stage-maker
 namespace: stage-maker
 spec:
+ serviceAccountName: stage-editor
 containers:
 - name: stage-maker
 image: git.jwetzell.com/jwetzell/stage-maker:v0.0.1
\ No newline at end of file
diff --git a/stage-maker/service-account.yaml b/stage-maker/service-account.yaml
new file mode 100644
index 0000000..b1f61c8
--- /dev/null
+++ b/stage-maker/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: stage-editor
+ namespace: stage-maker
\ No newline at end of file
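Review bot: In stage-maker/pod.yaml the pod now carries the `stage-editor` token, but the container is still pulled by the mutable tag `stage-maker:v0.0.1` and the spec visible in this hunk sets no `securityContext`. Anyone who can move that tag in the registry, or who gets code execution inside the container, inherits the write access to `stages` granted by the new binding. Consider pinning the image by digest, `image: git.jwetzell.com/jwetzell/stage-maker:v0.0.1@sha256:<digest-placeholder>`, and adding `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true, readOnlyRootFilesystem: true}` on the container, provided the image can run as non-root with a read-only root filesystem. The first three lines of the manifest are outside the hunk.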