---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "common.names.fullname" . }}-secrets-role
  namespace: {{.Release.Namespace}}
rules:
  - apiGroups:
      - "" # "" refers to the core API group
    resources:
      - secrets
    verbs:
      - create
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "common.names.fullname" . }}-secrets-role-rb
  namespace: {{ .Release.Namespace }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "common.names.fullname" . }}-secrets-role
subjects:
- kind: ServiceAccount
  name: {{ include "lib.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}