- Create the Service Account: Define a service account for Jenkins in the `webapps` namespace:

  ```yaml
  apiVersion: v1
  kind: ServiceAccount
  metadata:
    name: jenkins
    namespace: webapps
  ```
- Create Role for Namespace-Scoped Permissions: Define a `Role` for namespace-specific resources (e.g., PVCs, Deployments):

  ```yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: Role
  metadata:
    name: app-role
    namespace: webapps
  rules:
    - apiGroups:
        - ""
      resources:
        - pods
        - configmaps
        - secrets
        - services
        - persistentvolumeclaims
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
    - apiGroups:
        - apps
      resources:
        - deployments
        - replicasets
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  ```
- Bind the Role to the Service Account: Attach the `Role` to the `jenkins` service account:

  ```yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: app-rolebinding
    namespace: webapps
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: Role
    name: app-role
  subjects:
    - kind: ServiceAccount
      name: jenkins
      namespace: webapps
  ```
- Create ClusterRole for Cluster-Scoped Resources: Add a `ClusterRole` for cluster-scoped resources like PVs and StorageClasses:

  ```yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRole
  metadata:
    name: jenkins-cluster-role
  rules:
    - apiGroups: [""]
      resources:
        - persistentvolumes
      verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
    - apiGroups: ["storage.k8s.io"]
      resources:
        - storageclasses
      verbs: ["get", "list", "watch"]
  ```
- Bind the ClusterRole to the Service Account: Create a `ClusterRoleBinding` to attach the `ClusterRole` to the `jenkins` service account:

  ```yaml
  apiVersion: rbac.authorization.k8s.io/v1
  kind: ClusterRoleBinding
  metadata:
    name: jenkins-cluster-role-binding
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: jenkins-cluster-role
  subjects:
    - kind: ServiceAccount
      name: jenkins
      namespace: webapps
  ```