Mercurial > code > home > repos > photoprism

view roles.yaml @ 8:55a0dc78fc3a default tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
user fix
author drewp@bigasterisk.com
date Sat, 25 Mar 2023 15:24:14 -0700
parents 4bf137b25259
children
line wrap: on
line source

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: photoprism
rules:
  - apiGroups:
      - apps
    resources:
      - deployments
    verbs: ["get", "list", "watch"]
  - apiGroups:
      - ""
    resources:
      - pods
      # for the exec in the cronjob
      - pods/exec
    verbs: ["*"]
  - nonResourceURLs: ["/metrics"]
    verbs: ["get"]
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: photoprism
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: photoprism
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: photoprism
subjects:
  - kind: ServiceAccount
    name: photoprism
    namespace: default
  - kind: ServiceAccount
    name: default
    namespace: default