Files
@ 290342e75927
Branch filter:
Location: pomerium/00-defs/02-roles.yaml - annotation
290342e75927
2.0 KiB
text/x-yaml
move to ditto
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 | 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 | apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
namespace: pomerium
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
namespace: pomerium
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services/status
- secrets/status
- endpoints/status
verbs:
- get
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.pomerium.io
resources:
- pomerium
verbs:
- get
- list
- watch
- apiGroups:
- ingress.pomerium.io
resources:
- pomerium/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pomerium-controller
subjects:
- kind: ServiceAccount
name: pomerium-controller
namespace: pomerium
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pomerium-gen-secrets
subjects:
- kind: ServiceAccount
name: pomerium-gen-secrets
namespace: pomerium
|