remoll/k3s-infra
0
0
Fork 0
Code Issues 1 Pull Requests 3 Packages Projects Releases Wiki Activity

update authorization

Browse Source
This commit is contained in:
Remy Moll 2024-01-07 11:51:20 +01:00
parent 299cbea97e
commit 7da1d705a4
3 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
infrastructure/external-dns/deployment.yaml
View File

@ -13,6 +13,7 @@ spec:
labels: labels:
app: external-dns app: external-dns
spec: spec:
serviceAccountName: external-dns
containers: containers:
- name: external-dns - name: external-dns
image: external-dns image: external-dns

1
infrastructure/external-dns/kustomization.yaml
View File

@ -7,6 +7,7 @@ resources:
- namespace.yaml - namespace.yaml
- cloudflare.sealedsecret.yaml - cloudflare.sealedsecret.yaml
- deployment.yaml - deployment.yaml
- rbac.yaml
images: images:
- name: external-dns - name: external-dns

32
infrastructure/external-dns/rbac.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: external-dns
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: external-dns
rules:
- apiGroups: [""]
resources: ["services","endpoints","pods"]
verbs: ["get","watch","list"]
- apiGroups: ["extensions","networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get","watch","list"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: external-dns-viewer
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: external-dns
subjects:
- kind: ServiceAccount
name: external-dns
namespace: external-dns