From 668b5bf5a98d6b3b308d9b7dcc2d7c4501365b39 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 6 Nov 2022 17:22:46 -0600
Subject: [PATCH] kitchen: Allow Jenkins to restart deployment

Jenkins is now allowed to restart the Deployment named *kitchen* in the
*kitchen* namespace.  It will do this after pushing a new container
image from a build of the *master* branch.
---
 kitchen/kitchen.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/kitchen/kitchen.yaml b/kitchen/kitchen.yaml
index 2fc84f9..104f701 100644
--- a/kitchen/kitchen.yaml
+++ b/kitchen/kitchen.yaml
@@ -111,3 +111,35 @@ spec:
             name: kitchen
             port:
               name: http
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: jenkins
+  namespace: kitchen
+rules:
+  - apiGroups:
+    - apps
+    resources:
+    - deployments
+    resourceNames:
+    - kitchen
+    verbs:
+    - get
+    - patch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: jenkins
+  namespace: kitchen
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: jenkins
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+  kind: User
+  name: jenkins