From 4e3474a336ee47db68b9a6d62f80dc6ac45e3324 Mon Sep 17 00:00:00 2001
From: "Md. Emruz Hossain" <hossainemruz@gmail.com>
Date: Mon, 1 Jun 2020 15:21:25 +0600
Subject: [PATCH] Add RBAC permission for generic-garbage-collector (#56)

xref: https://github.com/stashed/stash/issues/910

Signed-off-by: hossainemruz <emruz@appscode.com>
---
 .../templates/gerbage-collector-rbac.yaml     | 29 +++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 charts/stash/templates/gerbage-collector-rbac.yaml

diff --git a/charts/stash/templates/gerbage-collector-rbac.yaml b/charts/stash/templates/gerbage-collector-rbac.yaml
new file mode 100644
index 000000000..806d928fb
--- /dev/null
+++ b/charts/stash/templates/gerbage-collector-rbac.yaml
@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: appscode:stash:garbage-collector
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+rules:
+- apiGroups:
+  - policy
+  verbs: ["use"]
+  resources:
+  - podsecuritypolicies
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: appscode:stash:garbage-collector
+  annotations:
+    "helm.sh/hook": pre-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: appscode:stash:garbage-collector
+subjects:
+- kind: ServiceAccount
+  name: generic-garbage-collector
+  namespace: kube-system