Skip to content

Commit

Permalink
Add permissions for broker secret (#25)
Browse files Browse the repository at this point in the history
  • Loading branch information
@georgifarashev @dzahariev
georgifarashev authored and dzahariev committed Aug 21, 2018
1 parent 91260c1 commit 5671b26
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions charts/service-broker-proxy/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,3 +33,43 @@ subjects:
- kind: ServiceAccount
name: {{ template "service-broker-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
namespace: {{ .Release.Namespace }}
name: {{ template "service-broker-proxy.fullname" . }}-regsecretviewer
labels:
app: {{ template "service-broker-proxy.name" . }}
chart: {{ template "service-broker-proxy.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups: [""]
resources: ["secrets"]
resourceNames:
- {{ template "service-broker-proxy.fullname" . }}-regsecret
verbs: ["get"]

---

kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ template "service-broker-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "service-broker-proxy.name" . }}
chart: {{ template "service-broker-proxy.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
kind: Role
name: {{ template "service-broker-proxy.fullname" . }}-regsecretviewer
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ template "service-broker-proxy.fullname" . }}
namespace: {{ .Release.Namespace }}

0 comments on commit 5671b26

Please sign in to comment.