feat(k8s): add cluster read-only access resources

2026-03-26 11:02:00 -07:00
parent 7ed5383d10
commit 88fafab27e
5 changed files with 53 additions and 0 deletions
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: lan-readonly-binding
+subjects:
+- kind: ServiceAccount
+  name: lan-readonly
+  namespace: swarm
+roleRef:
+  kind: ClusterRole
+  name: cluster-readonly
+  apiGroup: rbac.authorization.k8s.io
@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-readonly
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["get", "list", "watch"]
+- nonResourceURLs: ["*"]
+  verbs: ["get", "list", "watch"]
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: lan-readonly
+  namespace: swarm
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: lan-readonly-token
+  namespace: swarm
+  annotations:
+    kubernetes.io/service-account.name: lan-readonly
+type: kubernetes.io/service-account-token
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURBRENDQWVpZ0F3SUJBZ0lVRFo5czlRNHBrT24vK3B1UUxjbk5MTDRYSWxZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0dERVdNQlFHQTFVRUF4TU5hM1ZpWlhKdVpYUmxjeTFqWVRBZUZ3MHlOVEV3TVRZeE5qVTBNREJhRncwegpOVEV3TVRReE5qVTBNREJhTUJneEZqQVVCZ05WQkFNVERXdDFZbVZ5Ym1WMFpYTXRZMkV3Z2dFaU1BMEdDU3FHClNJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUURDNWljWTRzb3hSL1FrV3VFS0NPaFUrMFdYMFcyeUwvbFMKZk05a2tXQjk2a1pka0JQYlRNMW9vY1lURng3VmY2cWNpaFJRaThpT0lUTGpPK0xhQzk2VXNlMGFDUmdCYTZhYgpQQ1JFOXlBTWkrZ0ZITDN6bVNPa3VrdVU2WlNBNXFUU3JXUjM4d2UvUTB4bFlLR05JdlExVWE3ZHZzQkRkbjhYCmtjcTM3dFdNeGl4OGRCUWhZNUY1bVduZFFGTzUwR0NiSWNOTytBbFc3Qis3UFlGMzd3ckVQOUpzSFAwQS9sUTEKWm1NMUJSY2p2UkxMUVBGUVhhRnYrRXZpZmpmK0VKNTdxZVo1UzRuZkpickJpc1VaQWNxelJ2ZFBVM1FiT0gzKwpzTytaT0NaRWxmWWx6OXkzSWgzS2RzOUk4cithSG4reTIvbWNPQ2haN0hQTEdpZjA2MGZCQWdNQkFBR2pRakJBCk1BNEdBMVVkRHdFQi93UUVBd0lCQmpBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJReUFGMWEKdkRkbVhVb0tKNWhXd29RL2p4SlUyekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBbTZjUjVVS2t2YXkzd3h4ZQpmRU9waW9yUHIxeWRncGhtRFk0Z1U4bW9EanNZamVqdkxmMFNwS053ckd3UWJhSjZRNnFLOS9qNnBUZVRYZ0VGCmRaNE9FRGVVbW5xaGlaVXk1VnlIY05RUG9SUkJ6QUtxSVpFQkJONXQrb1ZRU0MvZzJEL1VZWTlKUzVmdlJWRUcKV3BRdVpMMS9UUGVvSk1qUDNkOGRxZVNYMVBscXprWE9HTWFka2kvRC9PTitMVENETnBoYmFPMGhTd3NsSncydwpjanRDSllpTCs0Vmh3d3hhbXNFVkgzQzBmaVM1OWNoR2dwTjQxNm1HQ21reWc2Qzl5bXg0TVhNYUN4VGlVanovCjQweHZ5YmNtTnNyS2EwdTZmNk9zTFZtM0t6dFpRdW15QkhzN3RYZ2RjeHNYZUtBanJUQktMWWkvbi9YQkwvMGYKTmdPbEV3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
+    server: https://192.168.153.210:6443
+  name: lan-cluster
+contexts:
+- context:
+    cluster: lan-cluster
+    user: lan-readonly
+    namespace: default
+  name: lan-readonly-context
+current-context: lan-readonly-context
+users:
+- name: lan-readonly
+  user:
+    token: eyJhbGciOiJSUzI1NiIsImtpZCI6InZ6ZldlQ2RzNU44NkdHTmhJNVo2d1lFSWd3SUFJNjFvTmxvV3NKTHRTUUkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJzd2FybSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJsYW4tcmVhZG9ubHktdG9rZW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoibGFuLXJlYWRvbmx5Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiMjY1N2UzYmItZjY0ZS00YzVhLTg1ZTEtZjliMGE5MTA4NjEzIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnN3YXJtOmxhbi1yZWFkb25seSJ9.UA1i1Gxb2bR7AXGCzyJ3Yfz2XksKeC3GnSQ4-y-Yq9xqtO56B5Z62A_bMBhvcJPc-wtACtXz-MbMd_e9lzBPFpLlfaqvlq8L5GuBK9hboprN-qLuY8ZyrWPlisA1YMMBnWFOwbRK_QU6mR6upaZGNZUNNlPopfa8l9yoURwhxbzwJlEw2m1e5n3oOWTXQL0DzddKrYmNicvLI9heNihkphWuMfgovOO699VAmDCTLD2etflLz2pZJi1zZUC1X1bJ-tV6-Orhxmdyfn7-gX4aAQnmI9lVe1Jn9TBeAR2m38ZLbgb6DAuSgEAdtNIQW1CoZSKNkMKPujMozpeNEQGJuw