From 144d40e7acdabba81d0c5a45fd96368e684e8043 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Thu, 26 Mar 2026 22:56:00 +0000
Subject: [PATCH] feat: Add RBAC for CNP to read B2 credentials secret

---
 infrastructure/addons/cnpg/kustomization.yaml       |  1 +
 .../addons/cnpg/rolebinding-b2-reader.yaml          | 13 +++++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 infrastructure/addons/cnpg/rolebinding-b2-reader.yaml

diff --git a/infrastructure/addons/cnpg/kustomization.yaml b/infrastructure/addons/cnpg/kustomization.yaml
index 12664c8..f676cfb 100644
--- a/infrastructure/addons/cnpg/kustomization.yaml
+++ b/infrastructure/addons/cnpg/kustomization.yaml
@@ -6,4 +6,5 @@ resources:
   - rancher-db-password-externalsecret.yaml
   - postgres-cluster.yaml
   - cnpg-cluster-rw-svc.yaml
+  - rolebinding-b2-reader.yaml
   - pgdump-cronjob.yaml
\ No newline at end of file
diff --git a/infrastructure/addons/cnpg/rolebinding-b2-reader.yaml b/infrastructure/addons/cnpg/rolebinding-b2-reader.yaml
new file mode 100644
index 0000000..d62901c
--- /dev/null
+++ b/infrastructure/addons/cnpg/rolebinding-b2-reader.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rancher-db-b2-reader
+  namespace: cnpg-cluster
+subjects:
+  - kind: ServiceAccount
+    name: rancher-db
+    namespace: cnpg-cluster
+roleRef:
+  kind: Role
+  name: rancher-db-b2-reader
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file