@rssnyder
Created July 24, 2023 20:42
creates a namespace, service account, SA token, cluster role and binding for using CCM in a k8s cluster
apiVersion: v1
kind: Namespace
metadata:
  name: harness-delegate-ng
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: harness-delegate-ng
  namespace: harness-delegate-ng
---
# Long-lived token Secret bound to the service account above;
# the control plane populates the token data after creation.
apiVersion: v1
kind: Secret
metadata:
  name: harness-delegate-ng-token
  namespace: harness-delegate-ng
  annotations:
    kubernetes.io/service-account.name: harness-delegate-ng
type: kubernetes.io/service-account-token
---
# Cluster-wide read-only role: every rule is limited to get/list/watch.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: harness-ccm-visibility
  labels:
rules:
  - apiGroups:
      - ""
    resources:
      - pods
      - nodes
      # nodes/proxy: proxied access to each node's kubelet API
      - nodes/proxy
      - events
      - namespaces
      - persistentvolumes
      - persistentvolumeclaims
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - apps
      - extensions
    resources:
      - statefulsets
      - deployments
      - daemonsets
      - replicasets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - batch
    resources:
      - jobs
      - cronjobs
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - metrics.k8s.io
    resources:
      - pods
      - nodes
    verbs:
      - get
      - list
  - apiGroups:
      - storage.k8s.io
    resources:
      - storageclasses
    verbs:
      - get
      - list
      - watch
---
# Grants the ClusterRole to the service account across all namespaces.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: harness-ccm-visibility-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: harness-ccm-visibility
subjects:
  - kind: ServiceAccount
    name: harness-delegate-ng
    namespace: harness-delegate-ng