From e4d25d167a6beca9cc260c4709d69810784ce4ee Mon Sep 17 00:00:00 2001
From: Tarashish Mishra <sunu@sunu.in>
Date: Mon, 30 Oct 2023 13:25:49 +0530
Subject: [PATCH] Add the required role-binding for the init container

---
 .../templates/api/role-binding.yaml           | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 deploy/helm/ifrcgo-helm/templates/api/role-binding.yaml

diff --git a/deploy/helm/ifrcgo-helm/templates/api/role-binding.yaml b/deploy/helm/ifrcgo-helm/templates/api/role-binding.yaml
new file mode 100644
index 000000000..3a2ec7de1
--- /dev/null
+++ b/deploy/helm/ifrcgo-helm/templates/api/role-binding.yaml
@@ -0,0 +1,35 @@
+# Role and rolebinding to allow the api init container to wait for the migrations job to complete
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "ifrcgo-helm.fullname" . }}-watch-resources-role
+  labels:
+    component: api-deployment
+    environment: {{ .Values.environment }}
+    release: {{ .Release.Name }}
+rules:
+- apiGroups: [""]
+  resources: ["services","pods","deployments"]
+  verbs: ["get","watch","list"]
+- apiGroups: ["batch"]
+  resources: ["jobs"]
+  verbs: ["get","watch","list"]
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "ifrcgo-helm.fullname" . }}-watch-resources-role-binding
+  labels:
+    component: api-deployment
+    environment: {{ .Values.environment }}
+    release: {{ .Release.Name }}
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "ifrcgo-helm.fullname" . }}-watch-resources-role
\ No newline at end of file