github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/test/integration/config/prow/cluster/deck_rbac.yaml

github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/test/integration/config/prow/cluster/deck_rbac.yaml (about)

     1  apiVersion: v1
     2  kind: ServiceAccount
     3  metadata:
     4    namespace: default
     5    annotations:
     6      iam.gke.io/gcp-service-account: control-plane@k8s-prow.iam.gserviceaccount.com
     7    name: deck
     8  ---
     9  kind: Role
    10  apiVersion: rbac.authorization.k8s.io/v1
    11  metadata:
    12    namespace: default
    13    name: deck
    14  rules:
    15  - apiGroups:
    16    - "prow.k8s.io"
    17    resources:
    18    - prowjobs
    19    verbs:
    20    - get
    21    - list
    22    - watch
    23    # Required when deck runs with `--rerun-creates-job=true`
    24    - create
    25    # Required to abort jobs
    26    - patch
    27  ---
    28  kind: Role
    29  apiVersion: rbac.authorization.k8s.io/v1
    30  metadata:
    31    namespace: test-pods
    32    name: deck
    33  rules:
    34  - apiGroups:
    35    - ""
    36    resources:
    37    - pods/log
    38    verbs:
    39    - get
    40  ---
    41  kind: RoleBinding
    42  apiVersion: rbac.authorization.k8s.io/v1
    43  metadata:
    44    namespace: default
    45    name: deck
    46  roleRef:
    47    apiGroup: rbac.authorization.k8s.io
    48    kind: Role
    49    name: deck
    50  subjects:
    51  - kind: ServiceAccount
    52    name: deck
    53  ---
    54  kind: RoleBinding
    55  apiVersion: rbac.authorization.k8s.io/v1
    56  metadata:
    57    namespace: test-pods
    58    name: deck
    59  roleRef:
    60    apiGroup: rbac.authorization.k8s.io
    61    kind: Role
    62    name: deck
    63  subjects:
    64  - kind: ServiceAccount
    65    name: deck
    66    namespace: default