Added RBAC

2025-03-25 14:05:03 +00:00 · 2024-12-06 02:06:35 +04:00
parent 41ba111a69
commit adb0819102
2 changed files with 50 additions and 0 deletions
--- a/k8-operator/config/rbac/infisicalpushsecret_editor_role.yaml
+++ b/k8-operator/config/rbac/infisicalpushsecret_editor_role.yaml
@ -0,0 +1,27 @@
+# permissions for end users to edit infisicalpushsecrets.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: k8-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: infisicalpushsecret-editor-role
+rules:
+  - apiGroups:
+      - secrets.infisical.com
+    resources:
+      - infisicalpushsecrets
+    verbs:
+      - create
+      - delete
+      - get
+      - list
+      - patch
+      - update
+      - watch
+  - apiGroups:
+      - secrets.infisical.com
+    resources:
+      - infisicalpushsecrets/status
+    verbs:
+      - get
--- a/k8-operator/config/rbac/infisicalpushsecret_viewer_role.yaml
+++ b/k8-operator/config/rbac/infisicalpushsecret_viewer_role.yaml
@ -0,0 +1,23 @@
+# permissions for end users to view infisicalpushsecrets.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: k8-operator
+    app.kubernetes.io/managed-by: kustomize
+  name: infisicalpushsecret-viewer-role
+rules:
+  - apiGroups:
+      - secrets.infisical.com
+    resources:
+      - infisicalpushsecrets
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - secrets.infisical.com
+    resources:
+      - infisicalpushsecrets/status
+    verbs:
+      - get