From 58fad5d347d997f79251568cfaebea2b0b023481 Mon Sep 17 00:00:00 2001
From: Meysam Azad
Date: Thu, 2 Jan 2025 13:52:45 +0700
Subject: [PATCH] chore(prowler): add in-cluster rbac resources

Release-As: 1.8.1
---
 prowler/base/clusterrole.yml | 11 +++++++++++
 prowler/base/clusterrolebinding.yml | 13 +++++++++++++
 prowler/base/kustomization.yml | 2 ++
 3 files changed, 26 insertions(+)
 create mode 100644 prowler/base/clusterrole.yml
 create mode 100644 prowler/base/clusterrolebinding.yml

diff --git a/prowler/base/clusterrole.yml b/prowler/base/clusterrole.yml
new file mode 100644
index 0000000..6a20e07
--- /dev/null
+++ b/prowler/base/clusterrole.yml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: prowler
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "configmaps", "nodes", "namespaces"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["rbac.authorization.k8s.io"]
+ resources: ["clusterrolebindings", "rolebindings", "clusterroles", "roles"]
+ verbs: ["get", "list", "watch"]
diff --git a/prowler/base/clusterrolebinding.yml b/prowler/base/clusterrolebinding.yml
new file mode 100644
index 0000000..a1f3516
--- /dev/null
+++ b/prowler/base/clusterrolebinding.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: prowler
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: prowler
+subjects:
+ - kind: ServiceAccount
+ name: prowler
+ namespace: prowler
diff --git a/prowler/base/kustomization.yml b/prowler/base/kustomization.yml
index e03ff53..05ccdd7 100644
--- a/prowler/base/kustomization.yml
+++ b/prowler/base/kustomization.yml
@@ -4,6 +4,8 @@ configMapGenerator:
 - configs.env
 resources:
+ - clusterrole.yml
+ - clusterrolebinding.yml
 - service.yml
 - serviceaccount.yml
 - deployment.yml
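Review bot: The first rule in prowler/base/clusterrole.yml gives the scanner cluster-wide read on `configmaps`, which in many clusters carry sensitive configuration, and nothing in the file records why that scope is needed or that it must stay read-only. I would add a header comment above `rules:` such as `# Read-only access for the in-cluster Prowler scan; do not add secrets or write verbs.` If the scan only enumerates objects at run time, `verbs: ["get", "list"]` may be enough for both rules; that depends on how Prowler queries the API, so confirm before narrowing. The file also lacks the `---` document start that clusterrolebinding.yml has.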
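Review bot: The subject in prowler/base/clusterrolebinding.yml hard-codes `namespace: prowler`, and because serviceaccount.yml is not part of this patch it cannot be checked here that the ServiceAccount is actually created in that namespace. If an overlay deploys the base into a different namespace and the subject is not rewritten, the cluster-wide grant would point at a ServiceAccount name in a namespace the deployment does not own. A comment next to the subject, for example `# must match the namespace of serviceaccount.yml`, would make the coupling explicit. Since any pod running as this ServiceAccount can read all RBAC objects and ConfigMaps, the file should also note that pod-creation rights in that namespace need to stay limited.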