kubernetes/dev/backstage/service-account.yaml

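# ServiceAccount that is the subject of the backstage-k8s-reader-binding
# ClusterRoleBinding defined later in this file.
# Nesting restored: name and namespace belong under metadata.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: backstage
  namespace: backstage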
---
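# Read-only ClusterRole: every rule grants only get, list and watch.
# Secrets are not among the listed resources, so this role does not
# grant access to them.
# NOTE(review): configmaps are listed; if any namespace keeps sensitive
# values in ConfigMaps, they become readable to whoever is bound to
# this role - confirm that is acceptable.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: backstage-k8s-reader
rules:
  # Core API group
  - apiGroups: [""]
    resources:
      - pods
      - services
      - configmaps
      - endpoints
      - resourcequotas
      - limitranges
      - namespaces
    verbs:
      - get
      - list
      - watch
  # Apps API group
  - apiGroups: ["apps"]
    resources:
      - deployments
      - statefulsets
      - daemonsets
      - replicasets
    verbs:
      - get
      - list
      - watch
  # Batch API group
  - apiGroups: ["batch"]
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch
  # Autoscaling API group
  - apiGroups: ["autoscaling"]
    resources:
      - horizontalpodautoscalers
    verbs:
      - get
      - list
      - watch
  # Networking API group
  - apiGroups: ["networking.k8s.io"]
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  # Metrics API group: pod and node metrics (added to resolve a 403
  # returned for requests to this API group)
  - apiGroups: ["metrics.k8s.io"]
    resources:
      - pods
      - nodes
    verbs:
      - get
      - list
      - watch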
---
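# Binds the backstage-k8s-reader ClusterRole to the backstage
# ServiceAccount in the backstage namespace. Because this is a
# ClusterRoleBinding, the role's permissions apply in every namespace.
# NOTE(review): if Backstage only needs to read a known set of
# namespaces, per-namespace RoleBindings to the same ClusterRole would
# narrow the namespaced rules; cluster-scoped resources (namespaces,
# node metrics) would still need a cluster-level binding.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: backstage-k8s-reader-binding
subjects:
  - kind: ServiceAccount
    name: backstage
    namespace: backstage
roleRef:
  kind: ClusterRole
  name: backstage-k8s-reader
  apiGroup: rbac.authorization.k8s.io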