fix: improper role permissions
diff --git a/roles/atmosphere/tasks/main.yml b/roles/atmosphere/tasks/main.yml
index 7d95c22..933f72c 100644
--- a/roles/atmosphere/tasks/main.yml
+++ b/roles/atmosphere/tasks/main.yml
@@ -2,6 +2,8 @@
kubernetes.core.k8s:
state: present
template:
+ - cluster_role.yml
+ - cluster_role_binding.yml
- namespace.yml
- role.yml
- service_account.yml
diff --git a/roles/atmosphere/templates/cluster_role.yml b/roles/atmosphere/templates/cluster_role.yml
new file mode 100644
index 0000000..72f1301
--- /dev/null
+++ b/roles/atmosphere/templates/cluster_role.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: atmosphere
+rules:
+ - apiGroups: ["source.toolkit.fluxcd.io"]
+ resources: ["helmrepositories"]
+ verbs: ["get", "create", "patch"]
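Review bot: The single rule in this new ClusterRole grants `create` and `patch` on `helmrepositories` in every namespace, and neither the file nor the commit message says why cluster scope is needed. A HelmRepository object decides where Flux fetches charts from, so cluster-wide write access lets this service account change chart sources for releases it does not own. If the role only manages repositories in a known set of namespaces, the ClusterRole can stay as a reusable rule set but be bound with a namespaced `RoleBinding` in each of those namespaces, instead of the `ClusterRoleBinding` added in cluster_role_binding.yml. If cluster scope really is required, a comment above `rules:` such as `# cluster-wide on purpose: HelmRepository objects are created in <namespaces> by <task>` would record that decision for the next reviewer.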
diff --git a/roles/atmosphere/templates/cluster_role_binding.yml b/roles/atmosphere/templates/cluster_role_binding.yml
new file mode 100644
index 0000000..db8ce31
--- /dev/null
+++ b/roles/atmosphere/templates/cluster_role_binding.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: atmosphere
+subjects:
+ - kind: ServiceAccount
+ name: atmosphere
+ namespace: openstack
+roleRef:
+ kind: ClusterRole
+ name: atmosphere
+ apiGroup: rbac.authorization.k8s.io
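Review bot: The subject namespace is hard-coded as `namespace: openstack`, while the same task also renders namespace.yml and service_account.yml, which are not visible in this diff. If those templates take the namespace from a variable, deploying into any other namespace would leave this binding pointing at a service account that does not exist there, and the permission would go to whatever account named `atmosphere` exists in `openstack`. Using the same expression as the service account template, e.g. `namespace: "{{ <namespace variable used in service_account.yml> }}"`, would keep the subject and the account in step. If the namespace is fixed by design, a one-line comment saying so would be enough.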