From 5179d54dcd596b0c3b9ed0986da017e9cf4439d6 Mon Sep 17 00:00:00 2001
From: michaeljguarino <mguarino46@gmail.com>
Date: Thu, 26 Oct 2023 16:05:08 -0400
Subject: [PATCH] add default console read perms

---
 charts/deployment-operator/Chart.yaml         |  2 +-
 .../deployment-operator/templates/rbac.yaml   | 25 +++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/charts/deployment-operator/Chart.yaml b/charts/deployment-operator/Chart.yaml
index 0517995e..2215ec3e 100644
--- a/charts/deployment-operator/Chart.yaml
+++ b/charts/deployment-operator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: deployment-operator
 description: creates a new instance of the plural deployment operator
 type: application
-version: 0.2.2
+version: 0.2.3
 appVersion: "0.3.9"
 maintainers:
 - name: Plural
diff --git a/charts/deployment-operator/templates/rbac.yaml b/charts/deployment-operator/templates/rbac.yaml
index e176fe0e..832d3998 100644
--- a/charts/deployment-operator/templates/rbac.yaml
+++ b/charts/deployment-operator/templates/rbac.yaml
@@ -10,3 +10,28 @@ roleRef:
   kind: ClusterRole
   name: {{ .Values.rbac.clusterRole }}
   apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: plrl-console-reader
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["get", "list"]
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: console-read-binding
+subjects:
+- kind: User
+  name: console@plural.sh
+  apiGroup: rbac.authorization.k8s.io
+roleRef:
+  kind: ClusterRole
+  name: plrl-console-reader
+  apiGroup: rbac.authorization.k8s.io