From 724c03c10c346b4601e7fa8452470649171d2b8b Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:01:28 +1100
Subject: [PATCH 1/3] add role binding to allow shipit deploys
---
config/deploy/production/shipit-access.yml | 1 +
config/deploy/shipit-access.yml | 13 +++++++++++++
config/deploy/staging/shipit-access.yml | 1 +
3 files changed, 15 insertions(+)
create mode 120000 config/deploy/production/shipit-access.yml
create mode 100644 config/deploy/shipit-access.yml
create mode 120000 config/deploy/staging/shipit-access.yml
diff --git a/config/deploy/production/shipit-access.yml b/config/deploy/production/shipit-access.yml
new file mode 120000
index 0000000..5059cdb
--- /dev/null
+++ b/config/deploy/production/shipit-access.yml
@@ -0,0 +1 @@
+../shipit-access.yml
\ No newline at end of file
diff --git a/config/deploy/shipit-access.yml b/config/deploy/shipit-access.yml
new file mode 100644
index 0000000..be4f72c
--- /dev/null
+++ b/config/deploy/shipit-access.yml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: shipit-access
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: shipit
+ apiGroup: rbac.authorization.k8s.io
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
diff --git a/config/deploy/staging/shipit-access.yml b/config/deploy/staging/shipit-access.yml
new file mode 120000
index 0000000..5059cdb
--- /dev/null
+++ b/config/deploy/staging/shipit-access.yml
@@ -0,0 +1 @@
+../shipit-access.yml
\ No newline at end of file
From b695bad526a25797d93b16bca0bf5fd4e9b508a3 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 31 Jan 2024 00:53:19 +1100
Subject: [PATCH 2/3] remove un-needed apiGroup
---
config/deploy/shipit-access.yml | 1 -
1 file changed, 1 deletion(-)
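Review bot: The new `config/deploy/shipit-access.yml` in patch 1/3 binds the `default` ServiceAccount of the `shipit` namespace to `cluster-admin`, which is likely far broader than a deploy needs. Through a RoleBinding the role is limited to one namespace, but it still allows reading every Secret there and creating further RoleBindings, and any pod in `shipit` that does not set `serviceAccountName` runs as `default` and inherits the grant. I would bind a dedicated account and a narrower role, for example `name: <dedicated-deploy-sa>` (placeholder) under `subjects` and the built-in `name: edit` under `roleRef`, or a custom Role listing only the resource kinds the deploy applies. `metadata` also carries no `namespace:`, so which namespace receives this grant depends on how the file is applied; setting it explicitly would make the scope reviewable in the manifest itself.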
diff --git a/config/deploy/shipit-access.yml b/config/deploy/shipit-access.yml
index be4f72c..bee857d 100644
--- a/config/deploy/shipit-access.yml
+++ b/config/deploy/shipit-access.yml
@@ -6,7 +6,6 @@ subjects: - kind: ServiceAccount name: default namespace: shipit - apiGroup: rbac.authorization.k8s.io roleRef: kind: ClusterRole name: cluster-admin
From 7d0c89e719652bfb43965422e1a7b0a0868a7c52 Mon Sep 17 00:00:00 2001
From: Colby Swandale <996377+colby-swandale@users.noreply.github.com>
Date: Wed, 31 Jan 2024 16:32:55 +1100
Subject: [PATCH 3/3] dont symlink shipit-access role binding, keep it managed outside of shipit deploy/krane
---
config/deploy/production/shipit-access.yml | 1 -
config/deploy/staging/shipit-access.yml | 1 -
2 files changed, 2 deletions(-)
delete mode 120000 config/deploy/production/shipit-access.yml
delete mode 120000 config/deploy/staging/shipit-access.yml
diff --git a/config/deploy/production/shipit-access.yml b/config/deploy/production/shipit-access.yml
deleted file mode 120000
index 5059cdb..0000000
--- a/config/deploy/production/shipit-access.yml
+++ /dev/null
@@ -1 +0,0 @@
-../shipit-access.yml
\ No newline at end of file
diff --git a/config/deploy/staging/shipit-access.yml b/config/deploy/staging/shipit-access.yml
deleted file mode 120000
index 5059cdb..0000000
--- a/config/deploy/staging/shipit-access.yml
+++ /dev/null
@@ -1 +0,0 @@
-../shipit-access.yml
\ No newline at end of file