Michael DiLeo
7327d77dcd
Add the redacted source file for demo purposes Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1 Co-authored-by: Michael DiLeo <michael_dileo@proton.me> Co-committed-by: Michael DiLeo <michael_dileo@proton.me>
47 lines
1.1 KiB
YAML
47 lines
1.1 KiB
YAML
---
|
|
# ServiceAccount for init containers that check migration Job status
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: piefed-init-checker
|
|
namespace: piefed-application
|
|
labels:
|
|
app.kubernetes.io/name: piefed
|
|
app.kubernetes.io/component: init-checker
|
|
---
|
|
# Role allowing read access to Jobs in this namespace
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: piefed-init-checker
|
|
namespace: piefed-application
|
|
labels:
|
|
app.kubernetes.io/name: piefed
|
|
app.kubernetes.io/component: init-checker
|
|
rules:
|
|
- apiGroups: ["batch"]
|
|
resources: ["jobs"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
resources: ["pods", "pods/log"]
|
|
verbs: ["get", "list"]
|
|
---
|
|
# RoleBinding to grant the ServiceAccount the Role permissions
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: piefed-init-checker
|
|
namespace: piefed-application
|
|
labels:
|
|
app.kubernetes.io/name: piefed
|
|
app.kubernetes.io/component: init-checker
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: piefed-init-checker
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: piefed-init-checker
|
|
namespace: piefed-application
|
|
|