30 lines
735 B
YAML
30 lines
735 B
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: forgejo-runner
|
|
namespace: forgejo
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: forgejo-runner-deployer
|
|
rules:
|
|
- apiGroups: ["apps"]
|
|
resources: ["deployments"]
|
|
verbs: ["get", "list", "watch", "patch", "update"]
|
|
- apiGroups: [""]
|
|
resources: ["pods", "pods/log", "services", "configmaps", "secrets"]
|
|
verbs: ["get", "list", "watch"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: forgejo-runner-deployer
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: forgejo-runner-deployer
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: forgejo-runner
|
|
namespace: forgejo
|