applications/mas/rbac.yaml
Mayne0213 79e9fbaeb7 FEAT(mas): add multi-agent system application
- ArgoCD Application for mas namespace
- Deployment with privileged container, hostPID for K8s access
- RBAC: ServiceAccount, ClusterRoles (viewer/writer)
- ExternalSecrets for API keys and PostgreSQL password
- Ingress at mas0213.kro.kr with Authelia SSO
2026-01-05 16:53:39 +09:00


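# Identity the mas workload runs as. Both ClusterRoleBindings in this file
# name their subject as ServiceAccount `mas` in namespace `mas`, so the
# namespace is pinned here instead of being left to whatever namespace the
# manifest happens to be applied into; a mismatch would leave the bindings
# pointing at an account that does not exist.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: mas
  namespace: mas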
---
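# Read-only ClusterRole for the mas agent: get/list/watch on the listed core,
# apps, batch, networking.k8s.io and argoproj.io resources, plus get on the
# pod and service status subresources. No rule here names secrets.
# NOTE(review): configmaps and pods/log are readable wherever this role is
# bound; confirm nothing in scope keeps credentials in a ConfigMap or prints
# them to container logs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mas-viewer
rules:
  # Core API group ("" is the legacy core group).
  - apiGroups: [""]
    resources:
      - pods
      - pods/log
      - services
      - endpoints
      - namespaces
      - nodes
      - persistentvolumeclaims
      - configmaps
    verbs: ["get", "list", "watch"]
  # Workload controllers.
  - apiGroups: ["apps"]
    resources:
      - deployments
      - statefulsets
      - daemonsets
      - replicasets
    verbs: ["get", "list", "watch"]
  - apiGroups: ["batch"]
    resources:
      - jobs
      - cronjobs
    verbs: ["get", "list", "watch"]
  - apiGroups: ["networking.k8s.io"]
    resources:
      - ingresses
    verbs: ["get", "list", "watch"]
  # Argo CD Application custom resources.
  - apiGroups: ["argoproj.io"]
    resources:
      - applications
    verbs: ["get", "list", "watch"]
  # Status subresources: single-object get only, no list/watch.
  - apiGroups: [""]
    resources:
      - pods/status
      - services/status
    verbs: ["get"]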
---
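# Grants mas-viewer to the mas ServiceAccount. This is a ClusterRoleBinding,
# not a namespaced RoleBinding, so the read access applies in every namespace
# and to cluster-scoped resources such as nodes and namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: mas-viewer-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mas-viewer
subjects:
  - kind: ServiceAccount
    name: mas
    namespace: mas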
---
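# Write ClusterRole for the mas agent: create/update/patch/delete on pods,
# services, configmaps, secrets, apps workloads, ingresses, jobs/cronjobs and
# Argo CD Applications, plus create/update/patch (no delete) on namespaces.
#
# NOTE(review): bound through mas-writer-binding (a ClusterRoleBinding) this
# set is close to cluster-admin in effect. Kubernetes' RBAC good-practice
# guidance treats workload creation as a privilege-escalation path, because
# the creator picks the pod's service account, mounted Secrets and security
# context. Write access to Argo CD Applications likewise acts with the Argo CD
# controller's deploy rights, limited only by its AppProject settings.
# The commit description says the pod using this account runs privileged with
# hostPID, so a compromise of that pod inherits every rule below.
# Mitigations to consider: grant these rules per namespace via RoleBinding,
# drop `secrets` and `daemonsets` unless the agent needs them, enforce Pod
# Security admission on target namespaces, and alert on writes made by
# system:serviceaccount:mas:mas in the API audit log.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: mas-writer
rules:
  # No rule in this role grants get/list on secrets, but update/patch/delete
  # still allow existing Secrets to be overwritten or removed.
  - apiGroups: [""]
    resources:
      - pods
      - services
      - configmaps
      - secrets
    verbs: ["create", "update", "patch", "delete"]
  - apiGroups: ["apps"]
    resources:
      - deployments
      - statefulsets
      - daemonsets
      - replicasets
    verbs: ["create", "update", "patch", "delete"]
  - apiGroups: ["networking.k8s.io"]
    resources:
      - ingresses
    verbs: ["create", "update", "patch", "delete"]
  - apiGroups: ["batch"]
    resources:
      - jobs
      - cronjobs
    verbs: ["create", "update", "patch", "delete"]
  # Namespaces are cluster-scoped; delete is not granted here.
  - apiGroups: [""]
    resources:
      - namespaces
    verbs: ["create", "update", "patch"]
  # Argo CD Application custom resources.
  - apiGroups: ["argoproj.io"]
    resources:
      - applications
    verbs: ["create", "update", "patch", "delete"]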
---
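# Grants mas-writer to the mas ServiceAccount for the whole cluster.
# NOTE(review): as a ClusterRoleBinding this makes every write rule in
# mas-writer effective in all namespaces, kube-system included. If the agent
# only manages specific namespaces, reference the same ClusterRole from a
# RoleBinding in each of those namespaces instead; only the rule on the
# cluster-scoped `namespaces` resource would still need a cluster-level grant.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: mas-writer-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: mas-writer
subjects:
  - kind: ServiceAccount
    name: mas
    namespace: mas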