From 8fe822ef3258c2a43d2284112ae50472025dad9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?=
Date: Sat, 22 Nov 2025 21:45:17 +0000
Subject: [PATCH] modified: .gitea/workflows/casa-services-deploy.yaml modified: .gitea/workflows/monitoring-deploy.yaml modified: monitoring/cicd-rbac.yaml
---
 .gitea/workflows/casa-services-deploy.yaml | 6 ++++
 .gitea/workflows/monitoring-deploy.yaml | 8 +++++-
 monitoring/cicd-rbac.yaml | 33 ++++++++++++++++++++--
 3 files changed, 44 insertions(+), 3 deletions(-)
diff --git a/.gitea/workflows/casa-services-deploy.yaml b/.gitea/workflows/casa-services-deploy.yaml
index b70be4a..1a11bcb 100644
--- a/.gitea/workflows/casa-services-deploy.yaml
+++ b/.gitea/workflows/casa-services-deploy.yaml
@@ -6,7 +6,13 @@ on:
 - fix/*
 - main
 - master
+ paths:
+ - 'services/**'
+ - '.gitea/workflows/casa-services**'
 pull_request:
+ paths:
+ - 'monitoring/**'
+ - '.gitea/workflows/monitoring**'
 schedule:
 - cron: '0 15 * * 0' # every sunday 3 pm
diff --git a/.gitea/workflows/monitoring-deploy.yaml b/.gitea/workflows/monitoring-deploy.yaml
index 1c38ef5..908c074 100644
--- a/.gitea/workflows/monitoring-deploy.yaml
+++ b/.gitea/workflows/monitoring-deploy.yaml
@@ -6,7 +6,13 @@ on:
 - fix/*
 - main
 - master
+ paths:
+ - 'monitoring/**'
+ - '.gitea/workflows/monitoring**'
 pull_request:
+ paths:
+ - 'monitoring/**'
+ - '.gitea/workflows/monitoring**'
 schedule:
 - cron: '0 15 * * 0' # every sunday 3 pm
@@ -45,5 +51,5 @@ jobs:
 helm repo add grafana https://grafana.github.io/helm-charts
 # Install & Upgrade
 helm upgrade --install promtail grafana/promtail --namespace monitoring \
- --values=./monitoring/promtail/values.yaml --set config.clients[0].url=${LOKI_URL} --debug
+ --values=./monitoring/promtail/values.yaml --set config.clients[0].url=${LOKI_URL}
diff --git a/monitoring/cicd-rbac.yaml b/monitoring/cicd-rbac.yaml
index cf73719..fa30b45 100644
--- a/monitoring/cicd-rbac.yaml
+++ b/monitoring/cicd-rbac.yaml
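Review bot: In `.gitea/workflows/casa-services-deploy.yaml`, the `pull_request` path filter added by this hunk lists `'monitoring/**'` and `'.gitea/workflows/monitoring**'`, which looks copied from the monitoring workflow. As written, a pull request that touches only `services/**` would not run this workflow, while a monitoring-only pull request would, so changes to the deployed services skip the pre-merge run. The filter should presumably mirror the push filter above it: `- 'services/**'` and `- '.gitea/workflows/casa-services**'`. The `on:` block starts outside the hunk.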
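Review bot: In the second hunk of `.gitea/workflows/monitoring-deploy.yaml`, `${LOKI_URL}` is still expanded unquoted inside the `--set` argument, so whitespace or glob characters in the value, and the literal `[0]`, are subject to shell word splitting and pathname expansion. Quote the whole argument: `--set-string "config.clients[0].url=${LOKI_URL}"`. If the URL carries credentials (not visible here), passing it on the command line also exposes it to anything that can read the runner's process list; a values file written from the secret would avoid that. The `run:` step begins outside the hunk.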
@@ -7,10 +7,10 @@ metadata:
 name: ci-cd
 rules:
 - apiGroups: [""]
- resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
+ resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints", "serviceaccounts"]
 verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 - apiGroups: ["apps"]
- resources: ["deployments", "statefulsets"]
+ resources: ["deployments", "statefulsets","daemonsets"]
 verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 - apiGroups: ["networking.k8s.io"]
 resources: ["ingresses"]
@@ -18,6 +18,10 @@ rules:
 - apiGroups: ["traefik.io"]
 resources: ["ingressroutes"]
 verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterroles", "clusterrolebindings"]
+ verbs: ["get", "list", "create", "update", "patch", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -32,3 +36,28 @@ roleRef:
 kind: Role
 name: ci-cd
 apiGroup: rbac.authorization.k8s.io
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ci-cd-cluster
+rules:
+- apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterroles", "clusterrolebindings"]
+ verbs: ["get", "list", "create", "update", "patch", "delete"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ci-cd-clusterbinding
+subjects:
+- kind: ServiceAccount
+ name: casa-ci-cd
+ namespace: home-assistant
+roleRef:
+ kind: ClusterRole
+ name: ci-cd-cluster
+ apiGroup: rbac.authorization.k8s.io
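Review bot: In the first hunk, `"statefulsets","daemonsets"` drops the space after the comma that every other flow list in this Role uses; write `resources: ["deployments", "statefulsets", "daemonsets"]`. Separately, `daemonsets` inherits the full write verb set, which lets the CI account place a pod on every node the scheduler allows. If the target namespace does not enforce a Pod Security level (not visible here), that is worth confirming before merging. The Role's `kind` and `metadata` start outside the hunk.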
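Review bot: The rule added to the namespaced `ci-cd` Role in the second hunk has no effect, because `clusterroles` and `clusterrolebindings` are cluster-scoped and a Role bound through a RoleBinding cannot grant access to them. It only makes the Role read as if it controlled cluster RBAC, which misleads later audits. Remove the rule here; the `ci-cd-cluster` ClusterRole in the last hunk is the grant that actually applies.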
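Review bot: The new `ci-cd-cluster` ClusterRole in the last hunk lets `casa-ci-cd` create, update, patch and delete every ClusterRole and ClusterRoleBinding in the cluster, which is far more than one Helm release needs and lets a leaked CI token delete or modify cluster-wide authorization objects. Scope the mutating verbs with `resourceNames` to the objects the release renders, keeping `create` in its own rule because it cannot be restricted by name; `list` is omitted because a name-restricted rule does not authorize a plain list. The API server's escalation check still applies, so the account can only create roles and bindings whose permissions it already holds; a deploy failure from that check should not be worked around by granting `escalate` or `bind`. The names in the fence are placeholders to replace with the release's real object names.

```yaml
rules:
# create cannot be limited by resourceNames, so it stays in a separate rule
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["clusterroles", "clusterrolebindings"]
  verbs: ["create"]
# placeholder names: replace with the objects the Helm release renders
- apiGroups: ["rbac.authorization.k8s.io"]
  resources: ["clusterroles", "clusterrolebindings"]
  resourceNames: ["<release-clusterrole-name>", "<release-clusterrolebinding-name>"]
  verbs: ["get", "update", "patch", "delete"]
# … unchanged: ClusterRoleBinding ci-cd-clusterbinding …
```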