From 6e0cea06acca525f49db5c1d7702581a00e89e41 Mon Sep 17 00:00:00 2001
From: fhochleitner <felix.hochleitner@outlook.com>
Date: Thu, 3 Aug 2023 11:06:24 +0200
Subject: [PATCH] GPX-712 [Betrieb] Vorbereitungsarbeiten techn. Betrieb MEGA

fix permission problem with group to role mapping

Signed-off-by: fhochleitner <felix.hochleitner@outlook.com>
---
 infra/gp-kyverno/Chart.yaml          |  2 +-
 infra/gp-kyverno/templates/rbac.yaml | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)
 create mode 100644 infra/gp-kyverno/templates/rbac.yaml

diff --git a/infra/gp-kyverno/Chart.yaml b/infra/gp-kyverno/Chart.yaml
index 55ea35bd..feddb109 100644
--- a/infra/gp-kyverno/Chart.yaml
+++ b/infra/gp-kyverno/Chart.yaml
@@ -3,7 +3,7 @@ name: gp-kyverno
 description: A Helm chart for deploying kyverno on gepaplexx openshift clusters
 
 type: application
-version: 1.0.6
+version: 1.0.7
 
 appVersion: "1.9.1"
 dependencies:
diff --git a/infra/gp-kyverno/templates/rbac.yaml b/infra/gp-kyverno/templates/rbac.yaml
new file mode 100644
index 00000000..e79b680f
--- /dev/null
+++ b/infra/gp-kyverno/templates/rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kyverno-auth-role
+rules:
+  - apiGroups: ["authorization.openshift.io"]
+    resources: ["rolebinidngs"]
+    verbs: ["create", "list", "update", "get", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kyverno-auth-rolebinding
+roleRef:
+    apiGroup: rbac.authorization.k8s.io
+    kind: ClusterRole
+    name: kyverno-auth-role
+subjects:
+- kind: ServiceAccount
+  name: {{ .Release.Name }}-background-controller
+  namespace: {{ .Release.Namespace }}
\ No newline at end of file