Add RBAC permission for generic-garbage-collector (#56)

xref: stashed/stash#910 Signed-off-by: hossainemruz <[email protected]>
stashed · Jun 1, 2020 · 4e3474a · 4e3474a
1 parent be006f6
commit 4e3474a
Showing 1 changed file with 29 additions and 0 deletions.
diff --git a/charts/stash/templates/gerbage-collector-rbac.yaml b/charts/stash/templates/gerbage-collector-rbac.yaml
@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: appscode:stash:garbage-collector
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+rules:
+- apiGroups:
+  - policy
+  verbs: ["use"]
+  resources:
+  - podsecuritypolicies
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: appscode:stash:garbage-collector
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: appscode:stash:garbage-collector
+subjects:
+- kind: ServiceAccount
+  name: generic-garbage-collector
+  namespace: kube-system