diff --git a/charts/lagoon-build-deploy/Chart.yaml b/charts/lagoon-build-deploy/Chart.yaml index b639ef5e..4ce5c160 100644 --- a/charts/lagoon-build-deploy/Chart.yaml +++ b/charts/lagoon-build-deploy/Chart.yaml @@ -16,11 +16,11 @@ kubeVersion: ">= 1.23.0-0" type: application -version: 0.26.2 +version: 0.26.3 appVersion: v0.15.4 annotations: artifacthub.io/changes: | - kind: changed - description: update remote-controller to v0.15.4 + description: added clusterroles for tasks and builds diff --git a/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml b/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml index 5684f5a5..79ed6ad4 100644 --- a/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml +++ b/charts/lagoon-build-deploy/templates/clusterrolebinding.yaml @@ -12,3 +12,31 @@ roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "lagoon-build-deploy.fullname" . }}-builds + labels: + {{- include "lagoon-build-deploy.labels" . | nindent 4 }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["crd.lagoon.sh"] + resources: ["lagoonbuilds"] + verbs: ["*"] +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ include "lagoon-build-deploy.fullname" . }}-tasks + labels: + {{- include "lagoon-build-deploy.labels" . | nindent 4 }} + # Add these permissions to the "admin" and "edit" default roles. + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: ["crd.lagoon.sh"] + resources: ["lagoontasks"] + verbs: ["*"] \ No newline at end of file