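---
# RBAC for the Spinnaker service account.
# This is a ClusterRole bound through a ClusterRoleBinding (second document),
# so every rule below applies in all namespaces, not only in "spinnaker".
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: spinnaker-role
rules:
  # Read-only access to core resources.
  # The log subresource is "pods/log"; the original "pods/logs" matches no
  # resource, so the rule silently granted no access to container logs.
  - apiGroups: [""]
    resources:
      [
        "namespaces",
        "configmaps",
        "events",
        "replicationcontrollers",
        "serviceaccounts",
        "pods/log",
      ]
    verbs: ["get", "list"]
  # NOTE(review): get/list/watch on "secrets" cluster-wide lets this account
  # read every Secret in every namespace. If Spinnaker only manages specific
  # namespaces, grant this rule through a namespaced Role/RoleBinding in each
  # of them instead, and audit access to this service account's token.
  - apiGroups: [""]
    resources: ["pods", "services", "secrets"]
    verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
  - apiGroups: ["autoscaling"]
    resources: ["horizontalpodautoscalers"]
    verbs: ["list", "get"]
  - apiGroups: ["apps"]
    resources: ["controllerrevisions", "statefulsets"]
    verbs: ["list"]
  # NOTE(review): recent Kubernetes releases serve ingresses from
  # "networking.k8s.io" rather than "extensions" - confirm against the
  # target cluster version before relying on this rule for ingresses.
  - apiGroups: ["extensions", "apps"]
    resources: ["deployments", "replicasets", "ingresses"]
    verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
  # These permissions are necessary for halyard to operate. We use this role
  # also to deploy Spinnaker itself.
  # NOTE(review): "services/proxy" and "pods/portforward" give network access
  # to workloads through the API server in every namespace. They are only
  # needed in the namespace Spinnaker is deployed into; consider moving this
  # rule to a Role scoped to that namespace.
  - apiGroups: [""]
    resources: ["services/proxy", "pods/portforward"]
    verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
---
# Binds spinnaker-role to the Spinnaker service account for the whole cluster.
# A ClusterRoleBinding has no namespace restriction; use per-namespace
# RoleBindings that reference the same ClusterRole to limit where it applies.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: spinnaker-role-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: spinnaker-role
subjects:
  - namespace: spinnaker
    kind: ServiceAccount
    name: spinnaker-service-account
---
# Identity Spinnaker authenticates as. The "spinnaker" namespace must already
# exist when this manifest is applied.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: spinnaker-service-account
  namespace: spinnaker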