From 5808b6de4002758867d1dd1ee5e7ab234e197817 Mon Sep 17 00:00:00 2001
From: Christian Knell <christian@knell.it>
Date: Tue, 1 Oct 2024 16:28:34 +0200
Subject: [PATCH] added rbac

---
 .../templates/clusterrole.yaml                | 47 +++++++++++++++++++
 .../templates/clusterrolebinding.yaml         | 13 +++++
 2 files changed, 60 insertions(+)
 create mode 100644 charts/cluster-api-visualizer/templates/clusterrole.yaml
 create mode 100644 charts/cluster-api-visualizer/templates/clusterrolebinding.yaml

diff --git a/charts/cluster-api-visualizer/templates/clusterrole.yaml b/charts/cluster-api-visualizer/templates/clusterrole.yaml
new file mode 100644
index 00000000..4d0ff4fe
--- /dev/null
+++ b/charts/cluster-api-visualizer/templates/clusterrole.yaml
@@ -0,0 +1,47 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "cluster-api-visualizer.fullname" . }}
+rules:
+  - apiGroups:
+      - ''
+    resources:
+      - '*'
+    verbs:
+      - 'list'
+      - 'get'
+      - 'watch'
+  - apiGroups:
+      - 'apiextensions.k8s.io'
+    resources:
+      - 'customresourcedefinitions'
+    verbs:
+      - 'list'
+      - 'get'
+      - 'watch'
+  - apiGroups:
+      - 'cluster.x-k8s.io'
+      - 'addons.cluster.x-k8s.io'
+      - 'bootstrap.cluster.x-k8s.io'
+      - 'controlplane.cluster.x-k8s.io'
+      - 'ipam.cluster.x-k8s.io'
+      - 'infrastructure.cluster.x-k8s.io'
+      - 'runtime.cluster.x-k8s.io'
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  # Note: this is a fallback to allow the visualizer to work with user-specific CRDs.
+  - apiGroups:
+      - '*'
+    resources:
+      - '*'
+    verbs:
+      - 'list'
+      - 'get'
+      - 'watch'
+  - nonResourceURLs:
+      - '*'
+    verbs:
+      - '*'
diff --git a/charts/cluster-api-visualizer/templates/clusterrolebinding.yaml b/charts/cluster-api-visualizer/templates/clusterrolebinding.yaml
new file mode 100644
index 00000000..7266c94e
--- /dev/null
+++ b/charts/cluster-api-visualizer/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "cluster-api-visualizer.fullname" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "cluster-api-visualizer.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cluster-api-visualizer.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}