Update k8s manifests

2026-03-10 19:40:59 +08:00 · 2026-03-10 19:40:59 +08:00 · f1c8cea052
commit f1c8cea052
parent fcd11de87c
2 changed files with 44 additions and 0 deletions
--- a/k8s/infrastructure/coredns-ci-rbac.yaml
+++ b/k8s/infrastructure/coredns-ci-rbac.yaml
@ -0,0 +1,43 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: coredns-ci
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: coredns-configmap-editor
+  namespace: kube-system
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    resourceNames: ["coredns-custom"]
+    verbs: ["get", "update", "patch"]
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    resourceNames: ["coredns"]
+    verbs: ["get", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: coredns-ci-binding
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: coredns-configmap-editor
+subjects:
+  - kind: ServiceAccount
+    name: coredns-ci
+    namespace: kube-system
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: coredns-ci-token
+  namespace: kube-system
+  annotations:
+    kubernetes.io/service-account.name: coredns-ci
+type: kubernetes.io/service-account-token
--- a/k8s/infrastructure/kustomization.yaml
+++ b/k8s/infrastructure/kustomization.yaml
@ -11,3 +11,4 @@ resources:
  - keycloak/helmrelease.yaml
  - oidc-rbac.yaml
  - coredns-custom.yaml
+  - coredns-ci-rbac.yaml