From 1ec480e5faceaf44a471a1a8135801ccfa50f36c Mon Sep 17 00:00:00 2001
From: Viktor Barzin <viktorbarzin@meta.com>
Date: Thu, 26 Mar 2026 17:34:48 +0200
Subject: [PATCH] novelapp: grant vabbit81 (Gheorghe) admin RBAC on novelapp
 namespace

---
 stacks/novelapp/main.tf | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/stacks/novelapp/main.tf b/stacks/novelapp/main.tf
index 2f8899a9..4546271c 100644
--- a/stacks/novelapp/main.tf
+++ b/stacks/novelapp/main.tf
@@ -216,6 +216,24 @@ module "ingress" {
   }
 }
 
+# RBAC — grant vabbit81 (Gheorghe) admin access to novelapp namespace
+resource "kubernetes_role_binding" "novelapp_owner_vabbit81" {
+  metadata {
+    name      = "novelapp-owner-vabbit81"
+    namespace = kubernetes_namespace.novelapp.metadata[0].name
+  }
+  role_ref {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "ClusterRole"
+    name      = "admin"
+  }
+  subject {
+    api_group = "rbac.authorization.k8s.io"
+    kind      = "User"
+    name      = "vabbit81@gmail.com"
+  }
+}
+
 # Sealed Secrets — encrypted secrets safe to commit to git
 resource "kubernetes_manifest" "sealed_secrets" {
   for_each = fileset(path.module, "sealed-*.yaml")