jenkins: Restrict role permissions

Jenkins doesn't really need full control of all resources in its
namespace.  Rather, it only needs to be able to manage Pod and
PersistentVolumeClaim resources.
2022-11-14 20:08:04 -06:00
parent 668b5bf5a9
commit 19ad5023b8


@@ -2,6 +2,23 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: jenkins name: jenkins
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: jenkins
namespace: jenkins
rules:
- apiGroups:
- ''
resources:
- persistentvolumeclaims
- pods
- pods/exec
verbs:
- '*'
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
@@ -10,8 +27,8 @@ metadata:
namespace: jenkins namespace: jenkins
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: Role
name: edit name: jenkins
subjects: subjects:
- apiGroup: rbac.authorization.k8s.io - apiGroup: rbac.authorization.k8s.io
kind: User kind: User
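Review bot: `verbs: ['*']` in the new Role's single rule still grants every verb, including any added in future API versions, on `persistentvolumeclaims`, `pods` and `pods/exec`, so the Role narrows the resources compared with `edit` but not the actions. Listing only the verbs the agent workflow uses, for example `verbs: [create, delete, get, list, watch]`, would keep the grant auditable; the exact set should be confirmed against what the Jenkins Kubernetes integration needs, which may also include read access to `pods/log`. Because `create` on pods lets the bound user start a pod under any ServiceAccount in the namespace and mount any Secret or PVC there, the effective reach is wider than the resource list suggests. It would help to enforce Pod Security admission on the `jenkins` namespace and add a comment above the rule, such as `# pods/exec is required for the controller to run build steps inside agent pods`, if that is indeed the reason.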