component/content-service: Add rolebinding for kube-rbac-proxy token verification

Signed-off-by: ArthurSens <[email protected]>

Author: ArthurSens

install/installer/pkg/components/content-service/rolebinding.go

@@ -31,5 +31,24 @@ func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) {
 			Kind: "ServiceAccount",
 			Name: Component,
 		}},
-	}}, nil
+	}, &rbacv1.ClusterRoleBinding{
+		TypeMeta: common.TypeMetaClusterRoleBinding,
+		ObjectMeta: metav1.ObjectMeta{
+			Name:   fmt.Sprintf("%s-%s-rb-kube-rbac-proxy", ctx.Namespace, Component),
+			Labels: common.DefaultLabels(Component),
+		},
+		RoleRef: rbacv1.RoleRef{
+			Kind:     "ClusterRole",
+			Name:     fmt.Sprintf("%s-kube-rbac-proxy", ctx.Namespace),
+			APIGroup: "rbac.authorization.k8s.io",
+		},
+		Subjects: []rbacv1.Subject{
+			{
+				Kind:      "ServiceAccount",
+				Name:      Component,
+				Namespace: ctx.Namespace,
+			},
+		},
+	},
+	}, nil
 }