k8s: Spinnaker resources

1. apiVersion: rbac.authorization.k8s.io/v1
2. kind: ClusterRole
3. metadata:
4. name: spinnaker-role
5. rules:
6. - apiGroups: [""]
7. resources: ["namespaces", "configmaps", "events", "replicationcontrollers", "serviceaccounts", "pods/logs"]
8. verbs: ["get", "list"]
9. - apiGroups: [""]
10. resources: ["pods", "services", "secrets"]
11. verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
12. - apiGroups: ["autoscaling"]
13. resources: ["horizontalpodautoscalers"]
14. verbs: ["list", "get"]
15. - apiGroups: ["apps"]
16. resources: ["controllerrevisions", "statefulsets"]
17. verbs: ["list"]
18. - apiGroups: ["extensions", "apps"]
19. resources: ["deployments", "replicasets", "ingresses"]
20. verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
21. # These permissions are necessary for halyard to operate. We use this role also to deploy Spinnaker itself.
22. - apiGroups: [""]
23. resources: ["services/proxy", "pods/portforward"]
24. verbs: ["create", "delete", "deletecollection", "get", "list", "patch", "update", "watch"]
25. ---
26. apiVersion: rbac.authorization.k8s.io/v1
27. kind: ClusterRoleBinding
28. metadata:
29. name: spinnaker-role-binding
30. roleRef:
31. apiGroup: rbac.authorization.k8s.io
32. kind: ClusterRole
33. name: spinnaker-role
34. subjects:
35. - namespace: spinnaker
36. kind: ServiceAccount
37. name: spinnaker-service-account
38. ---
39. apiVersion: v1
40. kind: ServiceAccount
41. metadata:
42. name: spinnaker-service-account
43. namespace: spinnaker