Mayne0213
dfa2a0578e
- gitea-runner: DinD 제거, Host 모드 전환 - gitea-runner: ServiceAccount, RBAC 추가 - gitea ns: zot-registry-credentials ExternalSecret 추가 - argocd ns: zot-registry-credentials ExternalSecret 추가 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
34 lines
707 B
YAML
34 lines
707 B
YAML
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: gitea-runner
|
|
namespace: gitea
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: gitea-runner-kaniko
|
|
rules:
|
|
- apiGroups: ["batch"]
|
|
resources: ["jobs"]
|
|
verbs: ["create", "delete", "get", "watch"]
|
|
- apiGroups: [""]
|
|
resources: ["pods", "pods/log"]
|
|
verbs: ["get", "list", "watch"]
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get"]
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: gitea-runner-kaniko
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: gitea-runner
|
|
namespace: gitea
|
|
roleRef:
|
|
kind: ClusterRole
|
|
name: gitea-runner-kaniko
|
|
apiGroup: rbac.authorization.k8s.io
|