limbosolutions.com/git.limbosolutions.com
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Wiki Activity

added continuous-deploy service account and RBAC

Browse Source
This commit is contained in:
Márcio Fernandes
2025-11-29 04:10:40 +00:00
parent d0d8331e9a
commit f32d574347
6 changed files with 51 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
README.md
View File

@@ -8,7 +8,6 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
- [App](#app) - [App](#app)
- [Continuous Deploy](#continuous-deploy) - [Continuous Deploy](#continuous-deploy)
- [Infra](#infra) - [Infra](#infra)
- [All](#all)
- [Backups](#backups) - [Backups](#backups)
## Deploy ## Deploy
@@ -31,6 +30,7 @@ Using [gitea](https://git.limbosolutions.com/kb/gitea) as git server.
### Continuous Deploy ### Continuous Deploy
Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-deploy.yaml). Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-deploy.yaml).
kubectl get secret continuous-deploy -o jsonpath='{.data.token}' | base64 -d
### Infra ### Infra
@@ -40,12 +40,6 @@ Executes [App Deploy](#app) using [Gitea workflow](./.gitea/workflows/app-deploy
- [kustomization](/deploy/infra/kustomization.yaml) - [kustomization](/deploy/infra/kustomization.yaml)
### All
```bash
./deploy/apply.sh
```
## Backups ## Backups
for more information [check readme](./docs/backups.md). for more information [check readme](./docs/backups.md).

3
deploy/apply-all.sh
View File

@@ -1,3 +0,0 @@
#/bin/bash
deploy/apply-infra.sh
deploy/apply-app.sh

33
deploy/infra/cd-service-account-rbac.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: git-limbosolutions-com
name: continuous-deploy
rules:
- apiGroups: [""]
resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["apps"]
resources: ["deployments", "statefulsets"]
verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
- apiGroups: ["batch"]
resources: ["cronjobs", "jobs"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: continuous-deploy
namespace: git-limbosolutions-com
subjects:
- kind: ServiceAccount
name: continuous-deploy
namespace: git-limbosolutions-com
roleRef:
kind: Role
name: continuous-deploy
apiGroup: rbac.authorization.k8s.io

8
deploy/infra/cd-service-account-token.yaml Normal file
View File

@@ -0,0 +1,8 @@
apiVersion: v1
kind: Secret
metadata:
name: continuous-deploy
annotations:
kubernetes.io/service-account.name: continuous-deploy
type: kubernetes.io/service-account-token

6
deploy/infra/cd-service-account.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: continuous-deploy
namespace: git-limbosolutions-com

4
deploy/infra/kustomization.yaml
View File

@@ -3,5 +3,7 @@ kind: Kustomization
resources: resources:
- namespace.yaml - namespace.yaml
- ingress.yaml - ingress.yaml
- cd-service-account.yaml
- cd-service-account-token.yaml
- cd-service-account-rbac.yaml