test update

2025-08-04 17:27:13 +09:00
parent 4e125a8456
commit 37b2474419


@ -1,9 +1,16 @@
# Tekton 빌드 및 트리거 공용 ServiceAccount
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: tekton-triggers-sa name: tekton-build-sa
namespace: tekton-demo namespace: tekton-demo
secrets:
- name: harbor-dockerconfig # Harbor 인증용 Secret
imagePullSecrets:
- name: harbor-dockerconfig # Docker 인증 정보 사용
--- ---
# Tekton 파이프라인 실행 및 리소스 접근 권한(Role)
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: Role kind: Role
metadata: metadata:
@ -15,10 +22,11 @@ rules:
verbs: ["get", "list", "watch", "create", "update", "delete"] verbs: ["get", "list", "watch", "create", "update", "delete"]
--- ---
# RoleBinding - 해당 네임스페이스에서 tekton-build-sa에 Role 부여
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding kind: RoleBinding
metadata: metadata:
name: tekton-build-sa-binding name: tekton-build-rolebinding
namespace: tekton-demo namespace: tekton-demo
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
@ -27,19 +35,15 @@ roleRef:
kind: Role kind: Role
name: tekton-build-role name: tekton-build-role
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
--- ---
apiVersion: v1 # Tekton Triggers(ClusterScope)용 권한
kind: ServiceAccount
metadata:
name: tekton-build-sa
namespace: tekton-demo
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: tekton-triggers-role name: tekton-triggers-role
rules: rules:
- apiGroups: [""] # core API - apiGroups: [""]
resources: ["pods", "services", "endpoints", "configmaps", "secrets"] resources: ["pods", "services", "endpoints", "configmaps", "secrets"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: ["apps"] - apiGroups: ["apps"]
@ -48,11 +52,13 @@ rules:
- apiGroups: ["triggers.tekton.dev"] - apiGroups: ["triggers.tekton.dev"]
resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"] resources: ["eventlisteners", "triggerbindings", "triggertemplates", "triggers"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
--- ---
# ClusterRoleBinding - tekton-build-sa에 Triggers ClusterRole 부여
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: tekton-build-sa-binding name: tekton-triggers-clusterrolebinding
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: tekton-build-sa name: tekton-build-sa
@ -60,5 +66,4 @@ subjects:
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: cluster-admin name: tekton-triggers-role
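Review bot: The ClusterRoleBinding `tekton-triggers-clusterrolebinding` still gives `tekton-build-sa` cluster-wide get/list/watch/create/update/patch/delete on `secrets`, `pods` and `configmaps` through `tekton-triggers-role`, so swapping out `cluster-admin` narrows the grant but leaves the account able to read Secrets in every namespace. The header comment describes this ServiceAccount as shared by builds and triggers, so any task step running under it inherits that reach. If the triggers only operate in `tekton-demo`, bind the same ClusterRole with a namespaced binding instead: `kind: RoleBinding` with `namespace: tekton-demo` under `metadata`, leaving `roleRef` unchanged. Separately, because the binding was renamed, the earlier `tekton-build-sa-binding` object that appears to have pointed at `cluster-admin` will stay in the cluster until it is deleted explicitly, since a plain apply does not prune renamed objects. The rules between the hunks are not visible here, so other resources in the role may need the same scoping.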