From 4999c2a521ed0e36996a0f8638cfe1c163734ed2 Mon Sep 17 00:00:00 2001
From: Adam Scerra <ascerra@redhat.com>
Date: Wed, 13 Nov 2024 16:20:03 -0500
Subject: [PATCH] patch to staging cluster-provisioner pod read

Signed-off-by: Adam Scerra <ascerra@redhat.com>
---
 .../staging/cluster-provisioner-read-pod-logs.yaml   |  8 ++++++++
 .../cluster-as-a-service/staging/kustomization.yaml  |  2 ++
 .../namespace-manager-pod-reader-binding.yaml        | 12 ++++++++++++
 .../staging/namespace-manager-pod-reader-role.yaml   |  8 ++++++++
 4 files changed, 30 insertions(+)
 create mode 100644 components/cluster-as-a-service/staging/cluster-provisioner-read-pod-logs.yaml
 create mode 100644 components/cluster-as-a-service/staging/namespace-manager-pod-reader-binding.yaml
 create mode 100644 components/cluster-as-a-service/staging/namespace-manager-pod-reader-role.yaml

diff --git a/components/cluster-as-a-service/staging/cluster-provisioner-read-pod-logs.yaml b/components/cluster-as-a-service/staging/cluster-provisioner-read-pod-logs.yaml
new file mode 100644
index 00000000000..78b8e17d6ac
--- /dev/null
+++ b/components/cluster-as-a-service/staging/cluster-provisioner-read-pod-logs.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: cluster-provisioner
+rules:
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["get"]
\ No newline at end of file
diff --git a/components/cluster-as-a-service/staging/kustomization.yaml b/components/cluster-as-a-service/staging/kustomization.yaml
index c82b467d4f1..a760541ff00 100644
--- a/components/cluster-as-a-service/staging/kustomization.yaml
+++ b/components/cluster-as-a-service/staging/kustomization.yaml
@@ -5,6 +5,8 @@ resources:
   - ../base
   - ../../openshift-gitops
   - external-secrets.yaml
+  - namespace-manager-pod-reader-role.yaml
+  - namespace-manager-pod-reader-binding.yaml
 patches:
   - path: add-hypershift-params.yaml
     target:
diff --git a/components/cluster-as-a-service/staging/namespace-manager-pod-reader-binding.yaml b/components/cluster-as-a-service/staging/namespace-manager-pod-reader-binding.yaml
new file mode 100644
index 00000000000..bf4d3d5a985
--- /dev/null
+++ b/components/cluster-as-a-service/staging/namespace-manager-pod-reader-binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: namespace-manager-pod-reader-binding
+subjects:
+  - kind: ServiceAccount
+    name: namespace-manager
+    namespace: ${SPACE_NAME}-eaas
+roleRef:
+  kind: ClusterRole
+  name: namespace-manager-pod-reader
+  apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
diff --git a/components/cluster-as-a-service/staging/namespace-manager-pod-reader-role.yaml b/components/cluster-as-a-service/staging/namespace-manager-pod-reader-role.yaml
new file mode 100644
index 00000000000..1dc73238a48
--- /dev/null
+++ b/components/cluster-as-a-service/staging/namespace-manager-pod-reader-role.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: namespace-manager-pod-reader
+rules:
+  - apiGroups: [""]
+    resources: ["pods/log"]
+    verbs: ["get"]
\ No newline at end of file