cert-manager: Add role for Jenkins to access certs
Ansible playbook running as Jenkins jobs need to be able to access the Secret resources containing certificates issued by _cert-manager_ in order to install them on managed nodes. Although not all jobs do this yet, eventually, the _cert-exporter_ will no longer be necessary, as the _certs.git_ repository will not be used anymore.pull/74/head
parent
d48dabca5b
commit
dbbe23aaa5
|
|
@ -0,0 +1,34 @@
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: jenkins
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ''
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
resourceNames:
|
||||
- pyrocufflink-cert
|
||||
- dustinhatchname-cert
|
||||
- hatchchat-cert
|
||||
- tabitha-cert
|
||||
- chmod777-cert
|
||||
- dustinandtabitha-cert
|
||||
- hlc-cert
|
||||
- appsxyz-cert
|
||||
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: jenkins
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: jenkins
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: default
|
||||
namespace: jenkins-jobs
|
||||
|
|
@ -8,6 +8,7 @@ resources:
|
|||
- cert-exporter.yaml
|
||||
- dch-ca-issuer.yaml
|
||||
- secrets.yaml
|
||||
- jenkins.yaml
|
||||
|
||||
configMapGenerator:
|
||||
- name: cert-exporter
|
||||
|
|
|
|||
Loading…
Reference in New Issue