Add support of existing role
Add possibility to use existing role. If rbac.useExistingRole
is defined the value of rbac.useExistingRole
will be used as a role name, otherwise cluster-admin
role will be used.
Use case: use a role with limited access in case using a shared agent with "impersonate" feature. Example of role definition:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: limited-impersonator
rules:
# Can impersonate only service accounts
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["impersonate"]
Edited by Oleksii Chupryn