diff --git a/website/static/service-account.yaml b/website/static/service-account.yaml
new file mode 100644
index 0000000000..722d0970f6
--- /dev/null
+++ b/website/static/service-account.yaml
@@ -0,0 +1,102 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: authentik
+ namespace: ##NAMESPACE##
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: authentik
+ namespace: ##NAMESPACE##
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: authentik
+subjects:
+ - kind: ServiceAccount
+ name: authentik
+ namespace: ##NAMESPACE##
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: authentik
+ namespace: ##NAMESPACE##
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ - services
+ - configmaps
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - patch
+ - apiGroups:
+ - extensions
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - patch
+ - apiGroups:
+ - extensions
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - patch
+ - apiGroups:
+ - traefik.containo.us
+ resources:
+ - middlewares
+ verbs:
+ - get
+ - create
+ - delete
+ - list
+ - patch
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: authentik
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: authentik
+subjects:
+ - kind: ServiceAccount
+ name: authentik
+ namespace: ingress
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: authentik
+rules:
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - list
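Review bot: The ClusterRoleBinding subject is pinned to `namespace: ingress` while the ServiceAccount, Role and RoleBinding all use the `##NAMESPACE##` placeholder, so the cluster-scoped CRD `list` grant goes to whatever `authentik` ServiceAccount exists in `ingress` rather than to the account this manifest creates; the subject should read `namespace: ##NAMESPACE##`. The last rule of the namespaced Role (`customresourcedefinitions`) has no effect, because CRDs are cluster-scoped and only the ClusterRole can grant access to them, so it can be dropped. The first Role rule allows `get`/`list`/`create`/`delete`/`patch` on every Secret in the target namespace, so a header comment such as `# Apply in a namespace dedicated to authentik; this Role can read and modify all Secrets there` would help readers who copy the file. Because `##NAMESPACE##` follows `: ` unquoted, a YAML parser reads it as a comment, so a file applied without substitution parses with an empty namespace instead of failing on the placeholder; the same header comment should tell users to replace it first.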