From 57463faa2595deafd224aeefecadc29dac4c7e9e Mon Sep 17 00:00:00 2001
From: Chris
Date: Wed, 27 Mar 2024 22:27:49 +0200
Subject: [PATCH] Another update of rbac.yaml
---
 deploy/sthome-webhook/templates/rbac.yaml | 39 +++++++++++++++++++++++
 deploy/sthome-webhook/values.yaml | 2 +-
 2 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/deploy/sthome-webhook/templates/rbac.yaml b/deploy/sthome-webhook/templates/rbac.yaml
index 851480d..f7e17cb 100644
--- a/deploy/sthome-webhook/templates/rbac.yaml
+++ b/deploy/sthome-webhook/templates/rbac.yaml
@@ -129,3 +129,42 @@ subjects:
 kind: ServiceAccount
 name: {{ .Values.certManager.serviceAccountName }}
 namespace: {{ .Values.certManager.namespace }}
+---
+# Grant cert-manager permission to read secrets from cert-manager ns (i.e. to read the api key for sthome)
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "sthome-webhook.fullname" . }}:sthome-auth
+ namespace: {{ .Values.certManager.namespace }}
+ labels:
+ app: {{ include "sthome-webhook.name" . }}
+ chart: {{ include "sthome-webhook.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+ - apiGroups:
+ - ''
+ resources:
+ - 'secrets'
+ verbs:
+ - 'get'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "sthome-webhook.fullname" . }}:sthome-auth
+ namespace: {{ .Values.certManager.namespace }}
+ labels:
+ app: {{ include "sthome-webhook.name" . }}
+ chart: {{ include "sthome-webhook.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "sthome-webhook.fullname" . }}:sthome-auth
+subjects:
+ - apiGroup: ""
+ kind: ServiceAccount
+ name: {{ include "sthome-webhook.fullname" . }}
+ namespace: {{ .Values.certManager.namespace }}
\ No newline at end of file
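Review bot: The `secrets` rule in the new `sthome-auth` Role has no `resourceNames`, so the bound ServiceAccount can `get` any Secret in `{{ .Values.certManager.namespace }}` whose name it knows, not only the sthome API key the comment mentions; that namespace commonly also holds cert-manager's issuer and ACME account keys. Restrict the rule to the one Secret by adding `resourceNames: ['<sthome-api-key-secret>']` under `resources` (placeholder; the real Secret name is not visible in this patch). The comment also says the grant is for cert-manager, while the RoleBinding's subject is `{{ include "sthome-webhook.fullname" . }}`, so I would reword it to `# Let the webhook's ServiceAccount read the sthome API key Secret in the cert-manager namespace`. That subject is looked up in `.Values.certManager.namespace`; if the webhook's ServiceAccount is created in the release namespace instead (not visible here), the binding matches nothing.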
diff --git a/deploy/sthome-webhook/values.yaml b/deploy/sthome-webhook/values.yaml index 458f6cb..2dac830 100644 --- a/deploy/sthome-webhook/values.yaml +++ b/deploy/sthome-webhook/values.yaml @@ -12,7 +12,7 @@ labels: sthome-webhook certManager: namespace: ix-cert-manager - serviceAccountName: cert-manager-certmanager + serviceAccountName: cert-manager-certmanager-webhook #secrets: # apiID: