commit da4016b77b1e4628ec432674fe6cd97a7ec5e81e
author Mohammed Naser <mnaser@vexxhost.com> Tue Sep 20 10:25:02 2022 -0400
committer Mohammed Naser <mnaser@vexxhost.com> Tue Sep 20 21:43:29 2022 -0400
tree b1394d899ed7f1c07a96ba31e8175274ba7e0726
parent 6ed983af64f2f3a038b3b7bea2cf7a88044faa65

fix: improper role permissions

roles/atmosphere/tasks/main.yml

diff --git a/roles/atmosphere/tasks/main.yml b/roles/atmosphere/tasks/main.yml
index 7d95c22..933f72c 100644
--- a/roles/atmosphere/tasks/main.yml
+++ b/roles/atmosphere/tasks/main.yml
@@ -2,6 +2,8 @@
   kubernetes.core.k8s:
     state: present
     template:
+      - cluster_role.yml
+      - cluster_role_binding.yml
       - namespace.yml
       - role.yml
       - service_account.yml

roles/atmosphere/templates/cluster_role.yml

diff --git a/roles/atmosphere/templates/cluster_role.yml b/roles/atmosphere/templates/cluster_role.yml
new file mode 100644
index 0000000..72f1301
--- /dev/null
+++ b/roles/atmosphere/templates/cluster_role.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: atmosphere
+rules:
+  - apiGroups: ["source.toolkit.fluxcd.io"]
+    resources: ["helmrepositories"]
+    verbs: ["get", "create", "patch"]

roles/atmosphere/templates/cluster_role_binding.yml

diff --git a/roles/atmosphere/templates/cluster_role_binding.yml b/roles/atmosphere/templates/cluster_role_binding.yml
new file mode 100644
index 0000000..db8ce31
--- /dev/null
+++ b/roles/atmosphere/templates/cluster_role_binding.yml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: atmosphere
+subjects:
+  - kind: ServiceAccount
+    name: atmosphere
+    namespace: openstack
+roleRef:
+  kind: ClusterRole
+  name: atmosphere
+  apiGroup: rbac.authorization.k8s.io