From b53eb881adb3f41d689c0349c959c2756aa381d5 Mon Sep 17 00:00:00 2001
From: Liam <liam@fascinated.cc>
Date: Tue, 24 Sep 2024 04:03:42 +0100
Subject: [PATCH] maybe maybe baby

---
 .../apps/production/drone/runner/rbac.yaml    | 36 +++++++++++++++++--
 1 file changed, 33 insertions(+), 3 deletions(-)

diff --git a/kubernetes/apps/production/drone/runner/rbac.yaml b/kubernetes/apps/production/drone/runner/rbac.yaml
index d0d7cf7..eb43bed 100644
--- a/kubernetes/apps/production/drone/runner/rbac.yaml
+++ b/kubernetes/apps/production/drone/runner/rbac.yaml
@@ -2,7 +2,7 @@ kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: drone
-  namespace: public-services
+  namespace: drone-ci
 rules:
   - apiGroups:
       - ""
@@ -29,12 +29,42 @@ kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: drone
-  namespace: public-services
+  namespace: drone-ci
 subjects:
   - kind: ServiceAccount
     name: default
-    namespace: public-services
+    namespace: drone-ci
 roleRef:
   kind: Role
   name: drone
   apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: drone-deploy-sa
+  namespace: public-services
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: public-services
+  name: drone-deployment-manager
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "create", "update", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: drone-deployment-manager-binding
+  namespace: public-services
+subjects:
+  - kind: ServiceAccount
+    name: drone-deploy-sa
+    namespace: public-services
+roleRef:
+  kind: Role
+  name: drone-deployment-manager
+  apiGroup: rbac.authorization.k8s.io