k3s-cluster/kubernetes/main/apps/dev/forgejo-runner/service-account.yaml

43 lines
No EOL
1.2 KiB
YAML

# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/role.json
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: forgejo-runner
namespace: dev
rules:
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["pods/exec"]
verbs: ["get", "create"]
- apiGroups: [""]
resources: ["pods/log"]
verbs: ["get", "list", "watch",]
- apiGroups: ["batch"]
resources: ["jobs"]
verbs: ["get", "list", "create", "delete"]
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "create", "delete"]
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/rolebinding.json
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: forgejo-runner
namespace: dev
subjects:
- kind: ServiceAccount
name: forgejo-runner
roleRef:
kind: Role
name: forgejo-runner
apiGroup: rbac.authorization.k8s.io
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/serviceaccount.json
apiVersion: v1
kind: ServiceAccount
metadata:
name: forgejo-runner
namespace: dev