From fff27a4b1bec3b3f8de905338a62603f8b5fe475 Mon Sep 17 00:00:00 2001
From: Dreaded_X <tim@huizinga.dev>
Date: Sat, 1 Mar 2025 01:25:34 +0100
Subject: [PATCH] Added permissions to allow kyverno to create secrets

---
 infra/kyverno/values.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/infra/kyverno/values.yaml b/infra/kyverno/values.yaml
index 1150258..b114d75 100644
--- a/infra/kyverno/values.yaml
+++ b/infra/kyverno/values.yaml
@@ -9,12 +9,41 @@ admissionController:
             - "nodes"
           verbs:
             - get
+        - apiGroups:
+            - ""
+          resources:
+            - "secret"
+          verbs:
+            - get
+            - create
 backgroundController:
   replicas: 2
+  rbac:
+    clusterRole:
+      extraResources:
+        - apiGroups:
+            - ""
+          resources:
+            - "secrets"
+          verbs:
+            - get
+            - update
 cleanupController:
   replicas: 2
 reportsController:
   replicas: 2
+  rbac:
+    clusterRole:
+      extraResources:
+        - apiGroups:
+            - ""
+          resources:
+            - "secrets"
+            - "pods/binding"
+          verbs:
+            - get
+            - list
+            - watch
 
 config:
   webhooks: