Last active
September 5, 2025 16:15
Create a service account in a dedicated 'chkp-cloudguard' namespace/project on an OpenShift cluster for CloudGuard Controller that includes access to: endpoints, pods, services, and nodes.
```bash
#!/bin/bash
# Work in the dedicated project; stop if it does not exist so the service
# account is not created in whatever project happens to be current.
oc project chkp-cloudguard || exit 1
oc create serviceaccount cloudguard-controller
# Read-only (get, list) cluster roles, each bound cluster-wide to the service account.
oc create clusterrole endpoint-reader --verb=get,list --resource=endpoints
oc create clusterrolebinding allow-cloudguard-access-endpoints --clusterrole=endpoint-reader --serviceaccount=chkp-cloudguard:cloudguard-controller
oc create clusterrole pod-reader --verb=get,list --resource=pods
oc create clusterrolebinding allow-cloudguard-access-pods --clusterrole=pod-reader --serviceaccount=chkp-cloudguard:cloudguard-controller
oc create clusterrole service-reader --verb=get,list --resource=services
oc create clusterrolebinding allow-cloudguard-access-services --clusterrole=service-reader --serviceaccount=chkp-cloudguard:cloudguard-controller
oc create clusterrole node-reader --verb=get,list --resource=nodes
oc create clusterrolebinding allow-cloudguard-access-nodes --clusterrole=node-reader --serviceaccount=chkp-cloudguard:cloudguard-controller
exit 0
```
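An added check, not part of the original gist: it uses `oc auth can-i` with impersonation to confirm the service account ends up with get/list on the four resources and nothing beyond that. The `OC` override variable, the function names and the deny list of extra verbs and resources are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not part of the original gist.
# Confirms the service account has get/list on the four resources and no more.
# Assumptions: the caller may impersonate service accounts (e.g. cluster-admin);
# OC is a hypothetical override so kubectl or a test stub can stand in for oc.
OC="${OC:-oc}"
SA="system:serviceaccount:chkp-cloudguard:cloudguard-controller"

# can_i VERB RESOURCE: succeeds if the service account is allowed in all namespaces.
can_i() {
  "$OC" auth can-i "$1" "$2" --as="$SA" --all-namespaces --quiet >/dev/null 2>&1
}

# Prints one line per deviation; returns 0 only when no deviation is found.
verify_cloudguard_rbac() {
  local findings=0 res verb
  for res in endpoints pods services nodes; do
    # Grants the script is expected to have created.
    for verb in get list; do
      can_i "$verb" "$res" || { echo "MISSING: $verb $res"; findings=$((findings + 1)); }
    done
    # Verbs the script never grants on these resources.
    for verb in watch create update patch delete; do
      if can_i "$verb" "$res"; then
        echo "EXCESS: $verb $res"; findings=$((findings + 1))
      fi
    done
  done
  # Sensitive resources the script never grants (constructed deny list).
  for res in secrets configmaps; do
    if can_i get "$res"; then
      echo "EXCESS: get $res"; findings=$((findings + 1))
    fi
  done
  [ "$findings" -eq 0 ]
}
```

Source the file and run `verify_cloudguard_rbac` after the setup script. A failed login or missing impersonation rights also shows up as `MISSING` lines, since every `can-i` call then fails.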