Skip to content

D
demo-infra-jenkins
Switch branch/tag
Find file Normal viewHistoryPermalink
jenkins-backup-rbac.yaml 1.85 KB
Newer Older
João Lino's avatar
Initial commit is a fork from the stable helm chart for jenkins, in git lab.  
João Lino committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 
{{- if .Values.backup.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ template "jenkins.fullname" . }}-backup
  namespace: {{ template "jenkins.namespace" . }}
  labels:
    "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
    "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
    "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
    "app.kubernetes.io/instance": "{{ .Release.Name }}"
    "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ template "jenkins.fullname" . }}-backup
  namespace: {{ template "jenkins.namespace" . }}
  labels:
    "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
    "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
    "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
    "app.kubernetes.io/instance": "{{ .Release.Name }}"
    "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
rules:
- apiGroups: [""]
  resources: ["pods", "pods/log"]
  verbs: ["get", "list"]
- apiGroups: [""]
  resources: ["pods/exec"]
  verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ template "jenkins.fullname" . }}-backup
  namespace: {{ template "jenkins.namespace" . }}
  labels:
    "app.kubernetes.io/name": '{{ template "jenkins.name" .}}'
    "helm.sh/chart": "{{ .Chart.Name }}-{{ .Chart.Version }}"
    "app.kubernetes.io/managed-by": "{{ .Release.Service }}"
    "app.kubernetes.io/instance": "{{ .Release.Name }}"
    "app.kubernetes.io/component": "{{ .Values.master.componentName }}"
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ template "jenkins.fullname" . }}-backup
subjects:
- kind: ServiceAccount
  name: {{ template "jenkins.fullname" . }}-backup
  namespace: {{ template "jenkins.namespace" . }}
{{- end }}