From 82ffed133350941b5d9c4071c02c0c85046208d4 Mon Sep 17 00:00:00 2001
From: Marcin-Ramotowski
Date: Tue, 22 Jul 2025 22:42:34 +0200
Subject: [PATCH] Added woodpecker rbac role with needed permissions for woodpecker default service account
---
woodpecker/woodpecker-permissions.yaml | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 woodpecker/woodpecker-permissions.yaml
diff --git a/woodpecker/woodpecker-permissions.yaml b/woodpecker/woodpecker-permissions.yaml
new file mode 100644
index 0000000..43cf806
--- /dev/null
+++ b/woodpecker/woodpecker-permissions.yaml
@@ -0,0 +1,23 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: woodpecker-ci-role
+ namespace: woodpecker
+rules:
+ - apiGroups: [""]
+ resources: ["pods", "pods/log", "pods/exec", "pods/status", "persistentvolumeclaims", "secrets"]
+ verbs: ["get", "list", "watch", "create", "delete", "patch", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: woodpecker-ci-binding
+ namespace: woodpecker
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: woodpecker
+roleRef:
+ kind: Role
+ name: woodpecker-ci-role
+ apiGroup: rbac.authorization.k8s.io
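Review bot: The RoleBinding's subject is the namespace's `default` ServiceAccount, so every pod in `woodpecker` that does not set its own `serviceAccountName` receives this Role, and the Role's single rule grants all seven verbs on every listed resource, including `secrets` and `pods/exec`. If pipeline step pods are scheduled in this namespace (not visible in the patch), repository build code would hold the same token and could read or modify any Secret there. Bind the Role to a dedicated ServiceAccount used only by the Woodpecker agent, e.g. `name: <agent-serviceaccount>` (placeholder) under `subjects`, and set `automountServiceAccountToken: false` on `default`. Split the rule per resource so that `secrets` and `pods/exec` carry only the verbs the agent is confirmed to need; `pods/log` only supports `get` and `pods/exec` is exercised through `create`/`get`, so the other verbs listed for them add nothing but review noise.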