Add RBAC configuration (#135)

* RBAC resources manifests * Add service account reference * Fix apiGroups
2017-04-13 23:17:25 +02:00
parent 1181f36c0c
commit b1150b797f
2 changed files with 34 additions and 0 deletions
--- a/deploy/auth.yaml
+++ b/deploy/auth.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kube-ops-view
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: kube-ops-view
+rules:
+- apiGroups: [""]
+  resources: ["nodes", "pods"]
+  verbs:
+    - list
+- apiGroups: [""]
+  resources: ["services/proxy"]
+  resourceNames: ["heapster"]
+  verbs:
+    - get
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: kube-ops-view
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kube-ops-view
+subjects:
+- kind: ServiceAccount
+  name: kube-ops-view
+  namespace: default
--- a/deploy/deployment.yaml
+++ b/deploy/deployment.yaml
@@ -16,6 +16,7 @@ spec:
        application: kube-ops-view
        version: v0.0.1
    spec:
+      serviceAccount: kube-ops-view
      containers:
      - name: service
        image: hjacobs/kube-ops-view:latest