From 87899f57e4dedec4c2c18de100e4b3b4c368ee6b Mon Sep 17 00:00:00 2001
From: Pierre Hubert <pierre.git@communiquons.org>
Date: Fri, 5 May 2023 19:25:07 +0200
Subject: [PATCH] Add service account

---
 {crd => yaml}/minio-bucket.yaml   |  0
 {crd => yaml}/minio-instance.yaml |  0
 yaml/service_account.yaml         | 32 +++++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+)
 rename {crd => yaml}/minio-bucket.yaml (100%)
 rename {crd => yaml}/minio-instance.yaml (100%)
 create mode 100644 yaml/service_account.yaml

diff --git a/crd/minio-bucket.yaml b/yaml/minio-bucket.yaml
similarity index 100%
rename from crd/minio-bucket.yaml
rename to yaml/minio-bucket.yaml
diff --git a/crd/minio-instance.yaml b/yaml/minio-instance.yaml
similarity index 100%
rename from crd/minio-instance.yaml
rename to yaml/minio-instance.yaml
diff --git a/yaml/service_account.yaml b/yaml/service_account.yaml
new file mode 100644
index 0000000..7d375ae
--- /dev/null
+++ b/yaml/service_account.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+  name: minio-buckets
+  namespace: default
+  labels:
+    app: minio
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: minio-buckets
+  namespace: default
+rules:
+- apiGroups: ["communiquons.org"]
+  resources: ["minioinstances", "miniobuckets"]
+  verbs: ["get", "watch"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: minio-buckets
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: minio-buckets
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: minio-buckets