Access kube api inside the cluster.

2022-10-14 20:50:28 -04:00 · 2022-10-14 20:50:28 -04:00 · d8fe7e598e
parent 2540985a20
commit d8fe7e598e
2 changed files with 44 additions and 0 deletions
--- a/runs/k8s-action-test.yaml
+++ b/runs/k8s-action-test.yaml
@ -0,0 +1,13 @@
+
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+  name: k8s-action-test
+spec:
+  serviceAccountName: internal-kubectl
+  taskRef:
+    name: kubernetes-actions
+  params:
+    - name: script
+      value: |
+        kubectl get deploy
--- a/serviceaccounts/internal-kubectl.yaml
+++ b/serviceaccounts/internal-kubectl.yaml
@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: internal-kubectl
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: modify-deployments
+rules:
+  - apiGroups: ["apps"]
+    resources:
+      - deployments
+    verbs:
+      - get
+      - list
+      - delete
+      - update
+      - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: modify-deployments-to-sa
+subjects:
+  - kind: ServiceAccount
+    name: internal-kubectl
+roleRef:
+  kind: Role
+  name: modify-deployments
+  apiGroup: rbac.authorization.k8s.io