43 lines
No EOL
1.2 KiB
YAML
43 lines
No EOL
1.2 KiB
YAML
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/role.json
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: forgejo-runner
|
|
namespace: dev
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["pods"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["pods/exec"]
|
|
verbs: ["get", "create"]
|
|
- apiGroups: [""]
|
|
resources: ["pods/log"]
|
|
verbs: ["get", "list", "watch",]
|
|
- apiGroups: ["batch"]
|
|
resources: ["jobs"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "list", "create", "delete"]
|
|
---
|
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/rolebinding.json
|
|
kind: RoleBinding
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: forgejo-runner
|
|
namespace: dev
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: forgejo-runner
|
|
roleRef:
|
|
kind: Role
|
|
name: forgejo-runner
|
|
apiGroup: rbac.authorization.k8s.io
|
|
---
|
|
# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.29.4/serviceaccount.json
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: forgejo-runner
|
|
namespace: dev |