From fd60dd660956484c6289bd7604fc3286f7e85d74 Mon Sep 17 00:00:00 2001
From: Brendan Galloway <brendan@flanksource.com>
Date: Tue, 27 Aug 2024 14:38:55 +0200
Subject: [PATCH] feat: allow write role to create namespaces

---
 chart/templates/rbac.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/chart/templates/rbac.yaml b/chart/templates/rbac.yaml
index e533ed68..1729779e 100644
--- a/chart/templates/rbac.yaml
+++ b/chart/templates/rbac.yaml
@@ -150,6 +150,17 @@ rules:
   - apiGroups: ['']
     resources: ['configmaps', 'secrets']
     verbs: ['*']
+  {{- if .Values.serviceAccount.rbac.clusterRole}}
+  - apiGroups: ['']
+    resources: ['namespaces']
+    verbs:
+      - create
+      - patch
+      - get
+      - list
+      - update
+      - watch
+  {{- end }}
   - apiGroups:
       - 'configs.flanksource.com'
       - 'canaries.flanksource.com'