Skip to content

Commit

Permalink
ci(k8s): added rbac to k8s serviceAccount (#376)
Browse files Browse the repository at this point in the history 
* ci(k8s): added rbac to k8s serviceAccount

* Automatic application of license header

---------

Co-authored-by: License Bot <[email protected]>
  • Loading branch information
@drochow
drochow and License Bot authored Nov 15, 2024
1 parent 08f69cf commit 00a7c36
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions scanner/k8s-assets/chart/k8s-assets-scanner/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and Greenhouse contributors
# SPDX-License-Identifier: Apache-2.0

# templates/rbac.yaml
{{- if .Values.serviceAccount.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "k8s-assets-scanner.fullname" . }}
labels:
{{- include "k8s-assets-scanner.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "k8s-assets-scanner.fullname" . }}
labels:
{{- include "k8s-assets-scanner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "k8s-assets-scanner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "k8s-assets-scanner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}

0 comments on commit 00a7c36

Please sign in to comment.