--- apiVersion: v1 kind: ServiceAccount metadata: name: jenkins-operator --- # permissions to do leader election. apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: leader-election-role rules: - apiGroups: - "" - coordination.k8s.io resources: - configmaps - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- kind: Role apiVersion: rbac.authorization.k8s.io/v1 metadata: name: jenkins-operator rules: - apiGroups: - apps resources: - daemonsets - deployments - replicasets - statefulsets verbs: - '*' - apiGroups: - apps - jenkins-operator resources: - deployments/finalizers verbs: - update - apiGroups: - build.openshift.io resources: - buildconfigs - builds verbs: - get - list - watch - apiGroups: - "" resources: - configmaps - secrets - services verbs: - create - get - list - update - watch - apiGroups: - "" resources: - events verbs: - create - get - list - patch - watch - apiGroups: - "" resources: - persistentvolumeclaims verbs: - get - list - watch - apiGroups: - "" resources: - pods verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - pods - pods/exec verbs: - '*' - apiGroups: - "" resources: - pods/log verbs: - get - list - watch - apiGroups: - "" resources: - pods/portforward verbs: - create - apiGroups: - "" resources: - serviceaccounts verbs: - create - get - list - update - watch - apiGroups: - image.openshift.io resources: - imagestreams verbs: - get - list - watch - apiGroups: - jenkins.io resources: - jenkins/finalizers verbs: - update - apiGroups: - jenkins.io resources: - jenkins/status verbs: - get - patch - update - apiGroups: - jenkins.io resources: - '*' verbs: - '*' - apiGroups: - rbac.authorization.k8s.io resources: - rolebindings - roles verbs: - create - get - list - update - watch - apiGroups: - "route.openshift.io" resources: - routes verbs: - create - get - list - update - watch - apiGroups: - "image.openshift.io" resources: - imagestreams verbs: - get - list - watch - apiGroups: - "build.openshift.io" resources: - builds - buildconfigs verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: leader-election-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: leader-election-role subjects: - kind: ServiceAccount name: jenkins-operator --- kind: RoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: jenkins-operator subjects: - kind: ServiceAccount name: jenkins-operator roleRef: kind: Role name: jenkins-operator apiGroup: rbac.authorization.k8s.io --- apiVersion: apps/v1 kind: Deployment metadata: name: jenkins-operator labels: app.kubernetes.io/name: jenkins-operator helm.sh/chart: jenkins-operator-0.8.0 app.kubernetes.io/version: "0.8.0" spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: jenkins-operator template: metadata: labels: app.kubernetes.io/name: jenkins-operator spec: serviceAccountName: jenkins-operator containers: - name: jenkins-operator image: quay.io/jenkins-kubernetes-operator/operator:v0.8.0 imagePullPolicy: IfNotPresent ports: - name: http containerPort: 80 protocol: TCP command: - /manager args: livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 env: - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: OPERATOR_NAME value: "jenkins-operator" resources: limits: cpu: 100m memory: 120Mi requests: cpu: 100m memory: 120Mi