charts: tailscale give secret patch role
diff --git a/charts/tailscale/templates/install.yaml b/charts/tailscale/templates/install.yaml
index 6227c7e..78b3704 100644
--- a/charts/tailscale/templates/install.yaml
+++ b/charts/tailscale/templates/install.yaml
@@ -70,3 +70,27 @@
# volumeMounts:
# - name: tailscale
# mountPath: /tailscale-state
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: secrets
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "watch", "list", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: secrets
+ namespace: {{ .Release.Namespace }}
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: secrets
+ apiGroup: rbac.authorization.k8s.io
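Review bot: The new Role's rule on `secrets` carries no `resourceNames`, so `get`, `watch`, `list` and `patch` cover every Secret in the release namespace. The RoleBinding grants that to the `default` ServiceAccount, which every pod in the namespace runs as unless it sets its own. If the goal is only to let the Tailscale container persist its state, scope the rule to that one Secret with `resourceNames: ["<state-secret-name>"]` (a placeholder, since the name is not visible in this hunk). Also drop `list` and `watch` unless they are really needed, because they expose all Secrets' contents and are awkward to restrict by name. Binding a dedicated ServiceAccount used only by the Tailscale pod, instead of `name: default`, would keep unrelated workloads in the namespace from inheriting Secret read and patch rights.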