Give sealed secrets container access to secrets

2023-10-05 21:37:43 -04:00 · 2023-10-05 21:37:43 -04:00 · c73d56c573
parent 4cc2d9b558
commit c73d56c573
2 changed files with 22 additions and 0 deletions
--- a/sealed-secrets/cluster-role-binding-sealed-secrets.yaml
+++ b/sealed-secrets/cluster-role-binding-sealed-secrets.yaml
@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: secret-full-access-rolebinding
+  namespace: sealed-secrets
+subjects:
+- kind: ServiceAccount
+  name: sealed-secrets
+  namespace: sealed-secrets
+roleRef:
+  kind: ClusterRole
+  name: secret-full-access-role
+  apiGroup: rbac.authorization.k8s.io
--- a/sealed-secrets/cluster-role-sealed-secrets.yaml
+++ b/sealed-secrets/cluster-role-sealed-secrets.yaml
@ -0,0 +1,9 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: secret-full-access-role
+  namespace: sealed-secrets
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]