github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/test/integration/config/prow/cluster/webhook_server_rbac.yaml

github.com/zppinho/prow@v0.0.0-20240510014325-1738badeb017/test/integration/config/prow/cluster/webhook_server_rbac.yaml (about)

     1  apiVersion: v1
     2  kind: ServiceAccount
     3  metadata:
     4    annotations:
     5      iam.gke.io/gcp-service-account: control-plane@k8s-prow.iam.gserviceaccount.com
     6    namespace: default
     7    name: webhook-server
     8  ---
     9  kind: ClusterRole
    10  apiVersion: rbac.authorization.k8s.io/v1
    11  metadata:
    12    namespace: default
    13    name: webhook-server
    14  rules:
    15    - apiGroups:
    16        - "prow.k8s.io"
    17      resources:
    18        - prowjobs
    19      verbs:
    20        - create
    21        - list
    22        - get
    23        - watch
    24        - patch
    25        - update
    26    - apiGroups:
    27        - "admissionregistration.k8s.io"
    28      resources:
    29        - validatingwebhookconfigurations
    30        - mutatingwebhookconfigurations
    31      verbs:
    32        - create
    33        - list
    34        - get
    35        - watch
    36        - patch
    37        - update
    38  ---
    39  kind: ClusterRoleBinding
    40  apiVersion: rbac.authorization.k8s.io/v1
    41  metadata:
    42    namespace: default
    43    name: webhook-server
    44  roleRef:
    45    apiGroup: rbac.authorization.k8s.io
    46    kind: ClusterRole
    47    name: webhook-server
    48  subjects:
    49  - kind: ServiceAccount
    50    name: webhook-server
    51    namespace: default