diff --git a/README.md b/README.md index df260ce..d4b281e 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ Currently hosted on [homesrv01.dev.lan](/marcio.fernandes/homesrv01.dev.lan). ## Table of Contents -- [Docker](#docker) +- [Namespace](#namespace) - [Volumes](#volumes) - [data](#data) - [music](#music) @@ -15,9 +15,12 @@ Currently hosted on [homesrv01.dev.lan](/marcio.fernandes/homesrv01.dev.lan). - [Clients](#clients) - [Links](#links) -## Docker +## Namespace -[Docker Compose](./docker-compose.yml) +```bash { cwd=../ terminalRows=15 } +# from repo root folder +kubectl create namespace lms +``` ### Volumes diff --git a/deploy/lms-deploy.yaml b/deploy/lms-deploy.yaml index 7d253dd..da53229 100644 --- a/deploy/lms-deploy.yaml +++ b/deploy/lms-deploy.yaml @@ -1,10 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: lyrionmusicserver - ---- - apiVersion: v1 kind: Service metadata: diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml new file mode 100644 index 0000000..8d641d5 --- /dev/null +++ b/deploy/rbac.yaml @@ -0,0 +1,32 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: lyrionmusicserver + name: ci-cd +rules: +- apiGroups: [""] + resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"] + verbs: ["get", "watch", "list", "create", "update", "patch", "delete"] +- apiGroups: ["apps"] + resources: ["deployments", "statefulsets"] + verbs: ["get", "watch", "list", "create", "update", "patch", "delete"] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses"] + verbs: ["get", "watch", "list", "create", "update", "patch", "delete"] +- apiGroups: ["traefik.io"] + resources: ["ingressroutes"] + verbs: ["get", "watch", "list", "create", "update", "patch", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ci-cd + namespace: lyrionmusicserver +subjects: +- kind: ServiceAccount + name: casa-ci-cd + namespace: home-assistant +roleRef: + kind: Role + name: ci-cd + apiGroup: rbac.authorization.k8s.io