feat: Discord/Gmail 알림 기능 추가

k8s/12-monitor-rbac.yaml

@@ -0,0 +1,59 @@
+# 백엔드 Pod가 K8s API에서 Pod/Certificate 정보를 읽을 수 있도록 권한 부여
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: portal-backend-sa
+  namespace: web-portal
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: portal-monitor-role
+  namespace: web-portal
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["cert-manager.io"]
+  resources: ["certificates"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: portal-monitor-rolebinding
+  namespace: web-portal
+subjects:
+- kind: ServiceAccount
+  name: portal-backend-sa
+  namespace: web-portal
+roleRef:
+  kind: Role
+  name: portal-monitor-role
+  apiGroup: rbac.authorization.k8s.io
+---
+# gitea, argocd 네임스페이스 인증서 읽기 권한
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: portal-cert-reader
+rules:
+- apiGroups: ["cert-manager.io"]
+  resources: ["certificates"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: portal-cert-reader-binding
+subjects:
+- kind: ServiceAccount
+  name: portal-backend-sa
+  namespace: web-portal
+roleRef:
+  kind: ClusterRole
+  name: portal-cert-reader
+  apiGroup: rbac.authorization.k8s.io