feat(coder): add RBAC configuration for coder access to secrets

qjoly · Jan 11, 2025 · ca1a6bc · ca1a6bc
1 parent 10c9e79
commit ca1a6bc
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 0 deletions.
diff --git a/cortado/apps/coder/access.yaml b/cortado/apps/coder/access.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: coder-secrets-access
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: secret-reader
+subjects:
+  - kind: ServiceAccount
+    name: coder-code-server
+    namespace: coder
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: secret-reader
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "watch"]
diff --git a/cortado/apps/coder/kustomization.yaml b/cortado/apps/coder/kustomization.yaml
@@ -3,3 +3,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - app.yaml
+  - access.yaml