Priority
None
User Story
As a greenhouse support group member, they should be able to create token requests to their team service accounts.
Description
Support group team members should be able to create token request to their team service account, so that they can use it in a CI environment to apply greenhouse resources.
Additionally the Service Account should also have permissions to do token request as well so they can rotate themselves.
Role
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: <team>-sa-token-request
rules:
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
resourceNames:
- <team>-sa
RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: <team>-sa-token-request
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: <team>-sa-token-request
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: Group
name: support-group:<team>
- kind: ServiceAccount
name: <team>-sa
Acceptance Criteria
Reference Issues
No response
Priority
None
User Story
Description
Support group team members should be able to create token request to their team service account, so that they can use it in a CI environment to apply greenhouse resources.
Additionally the Service Account should also have permissions to do token request as well so they can rotate themselves.
Role
RoleBinding
Acceptance Criteria
serviceaccounts/tokensupport-group:<team>group and team SAReference Issues
No response