homelab/kubernetes/apps/production/drone/runner/rbac.yaml

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone
  namespace: drone-ci
rules:
  - apiGroups:
      - ""
    resources:
      - secrets
    verbs:
      - create
      - delete
  - apiGroups:
      - ""
    resources:
      - pods
      - pods/log
    verbs:
      - get
      - create
      - delete
      - list
      - watch
      - update

---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: drone
  namespace: drone-ci
subjects:
  - kind: ServiceAccount
    name: default
    namespace: drone-ci
roleRef:
  kind: Role
  name: drone
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: drone-deploy-sa
  namespace: public-services
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: public-services
  name: drone-deployment-manager
rules:
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "create", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: drone-deployment-manager-binding
  namespace: public-services
subjects:
  - kind: ServiceAccount
    name: drone-deploy-sa
    namespace: public-services
roleRef:
  kind: Role
  name: drone-deployment-manager
  apiGroup: rbac.authorization.k8s.io
re-add drone revert remove drone 2024-09-23 23:59:54 +00:00			`kind: Role`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: drone`
maybe maybe baby 2024-09-24 03:03:42 +00:00			`namespace: drone-ci`
re-add drone revert remove drone 2024-09-23 23:59:54 +00:00			`rules:`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- secrets`
			`verbs:`
			`- create`
			`- delete`
			`- apiGroups:`
			`- ""`
			`resources:`
			`- pods`
			`- pods/log`
			`verbs:`
			`- get`
			`- create`
			`- delete`
			`- list`
			`- watch`
			`- update`

			`---`
			`kind: RoleBinding`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`metadata:`
			`name: drone`
maybe maybe baby 2024-09-24 03:03:42 +00:00			`namespace: drone-ci`
re-add drone revert remove drone 2024-09-23 23:59:54 +00:00			`subjects:`
			`- kind: ServiceAccount`
			`name: default`
maybe maybe baby 2024-09-24 03:03:42 +00:00			`namespace: drone-ci`
re-add drone revert remove drone 2024-09-23 23:59:54 +00:00			`roleRef:`
			`kind: Role`
			`name: drone`
			`apiGroup: rbac.authorization.k8s.io`
maybe maybe baby 2024-09-24 03:03:42 +00:00			`---`
			`apiVersion: v1`
			`kind: ServiceAccount`
			`metadata:`
			`name: drone-deploy-sa`
			`namespace: public-services`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: Role`
			`metadata:`
			`namespace: public-services`
			`name: drone-deployment-manager`
			`rules:`
			`- apiGroups: ["apps"]`
			`resources: ["deployments"]`
			`verbs: ["get", "list", "create", "update", "delete"]`
			`---`
			`apiVersion: rbac.authorization.k8s.io/v1`
			`kind: RoleBinding`
			`metadata:`
			`name: drone-deployment-manager-binding`
			`namespace: public-services`
			`subjects:`
			`- kind: ServiceAccount`
			`name: drone-deploy-sa`
			`namespace: public-services`
			`roleRef:`
			`kind: Role`
			`name: drone-deployment-manager`
			`apiGroup: rbac.authorization.k8s.io`