modified: .gitea/workflows/casa-services-deploy.yaml

modified: .gitea/workflows/monitoring-deploy.yaml modified: monitoring/cicd-rbac.yaml
2025-11-22 21:45:17 +00:00
parent b02382a4d4
commit 8fe822ef32
3 changed files with 44 additions and 3 deletions
--- a/.gitea/workflows/casa-services-deploy.yaml
+++ b/.gitea/workflows/casa-services-deploy.yaml
@@ -6,7 +6,13 @@ on:
      - fix/*
      - main
      - master
+    paths:
+      - 'services/**'
+      - '.gitea/workflows/casa-services**'
  pull_request:
+    paths:
+      - 'monitoring/**'
+      - '.gitea/workflows/monitoring**'
  schedule:
    - cron: '0 15 * * 0' # every sunday 3 pm

--- a/.gitea/workflows/monitoring-deploy.yaml
+++ b/.gitea/workflows/monitoring-deploy.yaml
@@ -6,7 +6,13 @@ on:
      - fix/*
      - main
      - master
+    paths:
+      - 'monitoring/**'
+      - '.gitea/workflows/monitoring**'
  pull_request:
+    paths:
+      - 'monitoring/**'
+      - '.gitea/workflows/monitoring**'
  schedule:
    - cron: '0 15 * * 0' # every sunday 3 pm

@@ -45,5 +51,5 @@ jobs:
          helm repo add grafana https://grafana.github.io/helm-charts
          # Install & Upgrade
          helm upgrade --install promtail grafana/promtail --namespace monitoring \
-          --values=./monitoring/promtail/values.yaml --set config.clients[0].url=${LOKI_URL} --debug
+          --values=./monitoring/promtail/values.yaml --set config.clients[0].url=${LOKI_URL}
            
--- a/monitoring/cicd-rbac.yaml
+++ b/monitoring/cicd-rbac.yaml
@@ -7,10 +7,10 @@ metadata:
  name: ci-cd
 rules:
 - apiGroups: [""]
-  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
+  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints", "serviceaccounts"]
  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 - apiGroups: ["apps"]
-  resources: ["deployments", "statefulsets"]
+  resources: ["deployments", "statefulsets","daemonsets"]
  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
 - apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
@@ -18,6 +18,10 @@ rules:
 - apiGroups: ["traefik.io"]
  resources: ["ingressroutes"]
  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["clusterroles", "clusterrolebindings"]
+  verbs: ["get", "list", "create", "update", "patch", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
@@ -32,3 +36,28 @@ roleRef:
  kind: Role
  name: ci-cd
  apiGroup: rbac.authorization.k8s.io
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: ci-cd-cluster
+rules:
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["clusterroles", "clusterrolebindings"]
+  verbs: ["get", "list", "create", "update", "patch", "delete"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: ci-cd-clusterbinding
+subjects:
+- kind: ServiceAccount
+  name: casa-ci-cd
+  namespace: home-assistant
+roleRef:
+  kind: ClusterRole
+  name: ci-cd-cluster
+  apiGroup: rbac.authorization.k8s.io