45 lines
1.5 KiB
YAML
45 lines
1.5 KiB
YAML
{{- define "ClusterRole-el" -}}
|
|
---
|
|
kind: ClusterRole
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: {{ template "helpers.labels.fullname" . }}-el
|
|
rules:
|
|
# Permissions for every EventListener deployment to function
|
|
- apiGroups: ["triggers.tekton.dev"]
|
|
resources: ["clustertriggerbindings", "eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
# allow namespaces to be retrieved to validate we haven't already created it already
|
|
resources: ["namespaces"]
|
|
verbs: ["list", "get", "create"]
|
|
- apiGroups: ["rbac.authorization.k8s.io"]
|
|
# allow roles to be retrieved to validate we haven't already created it already
|
|
resources: ["roles"]
|
|
verbs: ["list", "get", "create"]
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["get", "list", "watch", "create"]
|
|
# Permissions to create resources in associated TriggerTemplates
|
|
- apiGroups: ["tekton.dev"]
|
|
resources: ["pipelineruns", "pipelineresources", "taskruns", "pipelines","tasks"]
|
|
verbs: ["create", "get", "list"]
|
|
- apiGroups: [""]
|
|
resources: ["serviceaccounts"]
|
|
verbs: ["impersonate", "get", "create"]
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "list", "create"]
|
|
- apiGroups: [""]
|
|
resources: ["services"]
|
|
verbs: ["get"]
|
|
- apiGroups: ["apps"]
|
|
resources: ["deployments"]
|
|
verbs: ["get"]
|
|
- apiGroups: ["rbac.authorization.k8s.io"]
|
|
resources: ["rolebindings"]
|
|
verbs: ["get", "create"]
|
|
...
|
|
{{- end -}}
|
|
{{- include "helpers.template.overlay" ( dict "Global" $ "template_definition" "ClusterRole-el" ) }}
|