From 8fed4a08c51b164dc8def917d2810050a1d342e4 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Thu, 15 Jan 2026 00:41:28 -0300 Subject: [PATCH] health: allow portal wger sync --- services/bstein-dev-home/rbac.yaml | 31 ------------------------------ services/health/kustomization.yaml | 1 + services/health/portal-rbac.yaml | 31 ++++++++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 31 deletions(-) create mode 100644 services/health/portal-rbac.yaml diff --git a/services/bstein-dev-home/rbac.yaml b/services/bstein-dev-home/rbac.yaml index 7ce8fd8..f97ed24 100644 --- a/services/bstein-dev-home/rbac.yaml +++ b/services/bstein-dev-home/rbac.yaml @@ -106,34 +106,3 @@ subjects: - kind: ServiceAccount name: bstein-dev-home namespace: bstein-dev-home ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: bstein-dev-home-wger-user-sync - namespace: health -rules: - - apiGroups: ["batch"] - resources: ["cronjobs"] - verbs: ["get"] - resourceNames: ["wger-user-sync"] - - apiGroups: ["batch"] - resources: ["jobs"] - verbs: ["create", "get", "list", "watch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: bstein-dev-home-wger-user-sync - namespace: health -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: bstein-dev-home-wger-user-sync -subjects: - - kind: ServiceAccount - name: bstein-dev-home - namespace: bstein-dev-home diff --git a/services/health/kustomization.yaml b/services/health/kustomization.yaml index 9d21923..4dccf8c 100644 --- a/services/health/kustomization.yaml +++ b/services/health/kustomization.yaml @@ -5,6 +5,7 @@ namespace: health resources: - namespace.yaml - serviceaccount.yaml + - portal-rbac.yaml - wger-media-pvc.yaml - wger-static-pvc.yaml - wger-admin-ensure-cronjob.yaml diff --git a/services/health/portal-rbac.yaml b/services/health/portal-rbac.yaml new file mode 100644 index 0000000..cd9acd1 --- /dev/null +++ b/services/health/portal-rbac.yaml @@ -0,0 +1,31 @@ +# services/health/portal-rbac.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: bstein-dev-home-wger-user-sync + namespace: health +rules: + - apiGroups: ["batch"] + resources: ["cronjobs"] + verbs: ["get"] + resourceNames: ["wger-user-sync"] + - apiGroups: ["batch"] + resources: ["jobs"] + verbs: ["create", "get", "list", "watch"] + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: bstein-dev-home-wger-user-sync + namespace: health +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: bstein-dev-home-wger-user-sync +subjects: + - kind: ServiceAccount + name: bstein-dev-home + namespace: bstein-dev-home