From 23499fd7e8eaed605cf391f697c2615c9cb856e1 Mon Sep 17 00:00:00 2001
From: Jonathan Christison <jochrist@redhat.com>
Date: Mon, 26 Jun 2023 14:14:29 +0100
Subject: [PATCH] Bind existing SA and tekton role

---
 k8s/stage/app/tekton-rbac.yaml | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 k8s/stage/app/tekton-rbac.yaml

diff --git a/k8s/stage/app/tekton-rbac.yaml b/k8s/stage/app/tekton-rbac.yaml
new file mode 100644
index 0000000..a6d90a7
--- /dev/null
+++ b/k8s/stage/app/tekton-rbac.yaml
@@ -0,0 +1,31 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  labels:
+    app.kubernetes.io/component: tekton
+  name: osh-wrapper-tekton
+  namespace: pct-security-tooling
+rules:
+- apiGroups:
+  - tekton.dev
+  resources:
+  - taskruns
+  - pipelineruns
+  verbs:
+  - create
+  - get
+  - watch
+  - list
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: osh-wrapper-tekton-rolebinding
+  namespace: pct-security-tooling
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: osh-wrapper-tekton
+subjects:
+- kind: ServiceAccount
+  name: osh-wrapper-client-sa