patch to staging cluster-provisioner pod read

Signed-off-by: Adam Scerra <[email protected]>
redhat-appstudio · Nov 14, 2024 · 4999c2a · 4999c2a
1 parent e42ca6f
commit 4999c2a
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 0 deletions.
diff --git a/components/cluster-as-a-service/staging/cluster-provisioner-read-pod-logs.yaml b/components/cluster-as-a-service/staging/cluster-provisioner-read-pod-logs.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-provisioner
+rules:
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["get"]
diff --git a/components/cluster-as-a-service/staging/kustomization.yaml b/components/cluster-as-a-service/staging/kustomization.yaml
@@ -5,6 +5,8 @@ resources:
   - ../base
   - ../../openshift-gitops
   - external-secrets.yaml
+  - namespace-manager-pod-reader-role.yaml
+  - namespace-manager-pod-reader-binding.yaml
 patches:
   - path: add-hypershift-params.yaml
     target:

diff --git a/components/cluster-as-a-service/staging/namespace-manager-pod-reader-binding.yaml b/components/cluster-as-a-service/staging/namespace-manager-pod-reader-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: namespace-manager-pod-reader-binding
+subjects:
+  - kind: ServiceAccount
+    name: namespace-manager
+    namespace: ${SPACE_NAME}-eaas
+roleRef:
+  kind: ClusterRole
+  name: namespace-manager-pod-reader
+  apiGroup: rbac.authorization.k8s.io
diff --git a/components/cluster-as-a-service/staging/namespace-manager-pod-reader-role.yaml b/components/cluster-as-a-service/staging/namespace-manager-pod-reader-role.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: namespace-manager-pod-reader
+rules:
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["get"]