feat: Add RBAC for CNP to read B2 credentials secret

2026-03-26 22:56:00 +00:00
parent cc14e32572
commit 144d40e7ac
2 changed files with 14 additions and 0 deletions
--- a/infrastructure/addons/cnpg/kustomization.yaml
+++ b/infrastructure/addons/cnpg/kustomization.yaml
@@ -6,4 +6,5 @@ resources:
  - rancher-db-password-externalsecret.yaml
  - postgres-cluster.yaml
  - cnpg-cluster-rw-svc.yaml
+  - rolebinding-b2-reader.yaml
  - pgdump-cronjob.yaml
--- a/infrastructure/addons/cnpg/rolebinding-b2-reader.yaml
+++ b/infrastructure/addons/cnpg/rolebinding-b2-reader.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: rancher-db-b2-reader
+  namespace: cnpg-cluster
+subjects:
+  - kind: ServiceAccount
+    name: rancher-db
+    namespace: cnpg-cluster
+roleRef:
+  kind: Role
+  name: rancher-db-b2-reader
+  apiGroup: rbac.authorization.k8s.io