From ae537b90b7ce3a4eb96944ab3e012df773bc776a Mon Sep 17 00:00:00 2001 From: Damiano Donati Date: Wed, 12 May 2021 10:46:09 +0200 Subject: [PATCH] example: add RBAC --- example/deployment.yaml | 7 ++++--- example/rbac.yaml | 42 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 3 deletions(-) create mode 100644 example/rbac.yaml diff --git a/example/deployment.yaml b/example/deployment.yaml index 21a66b0..b416bb0 100644 --- a/example/deployment.yaml +++ b/example/deployment.yaml @@ -3,6 +3,7 @@ kind: Deployment metadata: name: election-example spec: + replicas: 2 selector: matchLabels: app: election-example @@ -11,6 +12,7 @@ spec: labels: app: election-example spec: + serviceAccountName: election-example containers: - name: test-container image: pstauffer/curl:v1.0.3 @@ -31,7 +33,7 @@ spec: memory: "64Mi" cpu: "100m" - name: elector-sidecar - image: kkosmrli/leader-elector:test + image: kkosmrli/leader-elector:release-0.1.1 imagePullPolicy: Always resources: limits: @@ -42,6 +44,5 @@ spec: args: - "--election=example-election" - "--namespace=default" + - "--locktype=configmaps" - "--port=4040" - replicas: 2 - diff --git a/example/rbac.yaml b/example/rbac.yaml new file mode 100644 index 0000000..de7f692 --- /dev/null +++ b/example/rbac.yaml @@ -0,0 +1,42 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: election-example + namespace: default +rules: +- apiGroups: + - "coordination.k8s.io" + resources: + - leases + verbs: + - get + - create + - update +- apiGroups: + - "" + resources: + - configmaps + - endpoints + verbs: + - get + - create + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: election-example + namespace: default +subjects: + - kind: ServiceAccount + name: election-example +roleRef: + kind: Role + name: election-example + apiGroup: rbac.authorization.k8s.io +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: election-example + namespace: default