New to Stash? Please start here.
To use Stash in a RBAC enabled cluster, install Stash with RBAC options. This creates a ClusterRole named
Sidecar container added to workloads makes various calls to Kubernetes api. ServiceAccounts used with Deployment, ReplicaSet, DaemonSet and ReplicationController workloads are automatically bound to
stash-sidecar ClusterRole by Stash operator. Users should manually add the following RoleBinding to service accounts used with StatefulSet workloads to authorize these api calls.
apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: <statefulset-name>-stash-sidecar namespace: <statefulset-namespace> roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: stash-sidecar subjects: - kind: ServiceAccount name: <statefulset-sa> namespace: <statefulset-namespace>
You can find full working examples here.