Add role and role binding related objects and HTTP service

We want to achieve the following things.

First we need to add an existing role which can be used by OCS and has the required permissions. The templated files should create the following resources:

# permissions to create pods and secrets for OCS
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: gitlab-agent-ocs
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  - pods
  verbs:
  - get
  - create
  - delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: gitlab-agent-ocs
subjects:
- name: gitlab-agent
  kind: ServiceAccount
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: gitlab-agent-ocs

Secondly we would like to introduce a Service for the HTTP server:

apiVersion: v1
kind: Service
metadata:
  name: http-listener
  namespace: gitlab-agent
  labels:
    app: gitlab-agent
spec:
  type: NodePort
  ports:
    - protocol: TCP
      port: 3000
      targetPort: 3000
      name: http
  selector:
    app: gitlab-agent

Thirdly we bind the http-listener service to the Deployment. For now this will be an unused port. In the future we will introduce the http_server module in the gitlab-agent code.

Related issues

• Add authentication to the Trivy wrapper image (gitlab-org/gitlab#431331 - closed) • Nick Ilieskou • 16.7
• Create an HTTP server in the Gitlab-agent (gitlab-org/gitlab#431333 - closed) • Unassigned • 16.7