housekeeping

manifests/Tekton/service-accounts/cluster-role-binding.yaml

@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+  name: allow-creation-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: allow-creation
+subjects:
+  - kind: ServiceAccount
+    name: service-acc
+    namespace: default

manifests/Tekton/service-accounts/cluster-role.yaml

@@ -0,0 +1,43 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: allow-creation
+rules:
+  - apiGroups:
+      - ""
+      - "apps"
+      - "deploy"
+      - "rbac.authorization.k8s.io"
+      - "networking.k8s.io"
+      - "extensions"
+      - "tekton.dev"
+# deze zullen we ook moeten aanpassen elke pipeline die we maken, maar, deze pipelines zijn nu specifiek per branch, dus dit zou geen probleem leveren.
+    resources:
+      - pods
+      - serviceaccounts
+      - namespaces
+      - services
+      - deployments
+      - deployments.apps
+      - clusterroles
+      - roles
+      - clusterrolebindings
+      - rolebindings
+      - ingresses
+      - eventlisteners
+      - triggerbindings
+      - triggertemplates
+      - configmaps
+      - secrets
+      - pipelineruns
+      - pipelineresources
+      - taskruns
+    verbs:
+      - list
+      - watch
+      - get
+      - create
+      - update
+      - patch
+      - delete

manifests/Tekton/service-accounts/service-account.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: service-acc
+secrets:
+  - name: regcred #docker registry credentials