Files
@ c9e2108bb271
Branch filter:
Location: pomerium/00-defs/02-roles.yaml - annotation
c9e2108bb271
2.0 KiB
text/x-yaml
pom deploy touchups
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 | 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 0071c165e990 | apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
namespace: pomerium
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
namespace: pomerium
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- services/status
- secrets/status
- endpoints/status
verbs:
- get
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- get
- patch
- update
- apiGroups:
- ingress.pomerium.io
resources:
- pomerium
verbs:
- get
- list
- watch
- apiGroups:
- ingress.pomerium.io
resources:
- pomerium/status
verbs:
- get
- update
- patch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pomerium-controller
subjects:
- kind: ServiceAccount
name: pomerium-controller
namespace: pomerium
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/name: pomerium
name: pomerium-gen-secrets
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: pomerium-gen-secrets
subjects:
- kind: ServiceAccount
name: pomerium-gen-secrets
namespace: pomerium
|