From 08f99f44f324c811f112818f4751e58b43b61f0a Mon Sep 17 00:00:00 2001
From: Marius Ensrud <marius@ensrud.net>
Date: Tue, 6 Jun 2023 10:09:58 +0200
Subject: [PATCH] fix rbac

---
 .../godaddy-webhook/0.2.0/templates/rbac.yaml | 32 +++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/charts/godaddy-webhook/0.2.0/templates/rbac.yaml b/charts/godaddy-webhook/0.2.0/templates/rbac.yaml
index 2d0fa02..23f432b 100644
--- a/charts/godaddy-webhook/0.2.0/templates/rbac.yaml
+++ b/charts/godaddy-webhook/0.2.0/templates/rbac.yaml
@@ -103,3 +103,35 @@ rules:
       - 'secrets'
     verbs:
       - 'get'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "godaddy-webhook.fullname" . }}:flowcontrol-solver
+  labels:
+{{ include "godaddy-webhook.labels" . | indent 4 }}
+rules:
+  - apiGroups:
+      - "flowcontrol.apiserver.k8s.io"
+    resources:
+      - "prioritylevelconfigurations"
+      - "flowschemas"
+    verbs:
+      - "list"
+      - "watch"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "godaddy-webhook.fullname" . }}:flowcontrol-solver
+  labels:
+{{ include "godaddy-webhook.labels" . | indent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "godaddy-webhook.fullname" . }}:flowcontrol-solver
+subjects:
+  - apiGroup: ""
+    kind: ServiceAccount
+    name: godaddy-webhook
+    namespace: cert-manager