homelab/deployment/ha-sync/rbac.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ha-sync-lease-manager
  namespace: infrastructure
rules:
  - apiGroups: ["coordination.k8s.io"]
    resources: ["leases"]
    verbs: ["create", "get", "update", "delete", "list", "watch"]
  - apiGroups: ["batch"]
    resources: ["cronjobs", "jobs"]
    verbs: ["create", "get", "update", "patch", "delete", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ha-sync-lease-manager
  namespace: infrastructure
subjects:
  - kind: ServiceAccount
    name: ha-sync
    namespace: infrastructure
roleRef:
  kind: Role
  name: ha-sync-lease-manager
  apiGroup: rbac.authorization.k8s.io