From a40c495e264cd4d96c7bfb9e8696eaf42c1bcbe2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beatrice=20Dellac=C3=A0?= <hello@beatrice.wtf>
Date: Sun, 6 Apr 2025 21:14:40 +0200
Subject: [PATCH] fix rbac

---
 deploy/minio-tenant/kustomization.yaml |  1 +
 deploy/minio-tenant/rbac.yaml          | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 deploy/minio-tenant/rbac.yaml

diff --git a/deploy/minio-tenant/kustomization.yaml b/deploy/minio-tenant/kustomization.yaml
index adbdbfa..86c841d 100644
--- a/deploy/minio-tenant/kustomization.yaml
+++ b/deploy/minio-tenant/kustomization.yaml
@@ -5,6 +5,7 @@ namespace: minio-tenant
 
 resources:
   - namespace.yaml
+  - rbac.yaml
   - secret.yaml
   - cert-job.yaml
   - tenant.yaml
diff --git a/deploy/minio-tenant/rbac.yaml b/deploy/minio-tenant/rbac.yaml
new file mode 100644
index 0000000..31a2edc
--- /dev/null
+++ b/deploy/minio-tenant/rbac.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: secret-access
+  namespace: minio-tenant
+rules:
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "create", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: secret-access-binding
+  namespace: minio-tenant
+subjects:
+  - kind: ServiceAccount
+    name: default
+    namespace: minio-tenant
+roleRef:
+  kind: Role
+  name: secret-access
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file