++ rbac for dvcr

Signed-off-by: Ivan Mikheykin <[email protected]>

Author: diafour

templates/dvcr/rbac-for-us.yaml

@@ -8,6 +8,46 @@ metadata:
   namespace: d8-{{ .Chart.Name }}
 imagePullSecrets:
 - name: virtualization-module-registry
+
+# dvcr-maintenance
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: d8:virtualization:dvcr
+  {{- include "helm_lib_module_labels" (list . (dict "app" "dvcr")) | nindent 2 }}
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+  - update
+- apiGroups:
+  - virtualization.deckhouse.io
+  resources:
+  - virtualdisks
+  - virtualimages
+  - clustervirtualimages
+  verbs:
+  - get
+  - list
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: d8:virtualization:dvcr
+  {{- include "helm_lib_module_labels" (list . (dict "app" "dvcr")) | nindent 2 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: d8:virtualization:dvcr
+subjects:
+  - kind: ServiceAccount
+    name: dvcr
+    namespace: d8-{{ .Chart.Name }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding