Basic implementation of client: render qa code and scan from mobile app
diff --git a/charts/vpn-mesh-config/templates/role.yaml b/charts/vpn-mesh-config/templates/role.yaml
new file mode 100644
index 0000000..c48ab48
--- /dev/null
+++ b/charts/vpn-mesh-config/templates/role.yaml
@@ -0,0 +1,42 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Release.Namespace }}-nebula-api
+ namespace: {{ .Release.Namespace }}
+rules:
+- apiGroups:
+ - "lekva.me"
+ resources:
+ - nebulacas
+ - nebulacas/status
+ - nebulanodes
+ - nebulanodes/status
+ verbs:
+ - list
+ - get
+ - create
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - list
+ - get
+ - create
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Release.Namespace }}-nebula-api
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Release.Namespace }}-nebula-api
+subjects:
+- kind: ServiceAccount
+ name: default
+ namespace: {{ .Release.Namespace }}