New to Stash? Please start here.
To use Stash in a RBAC enabled cluster, install Stash with RBAC options. This creates a ClusterRole named
Sidecar container added to workloads makes various calls to Kubernetes api. ServiceAccounts used with Deployment, ReplicaSet, DaemonSet and ReplicationController workloads are automatically bound to
stash-sidecar ClusterRole by Stash operator. Users should manually add the following RoleBinding to service accounts used with StatefulSet workloads to authorize these api calls.
apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: statefulset-name-stash-sidecar namespace: statefulset-namespace roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: stash-sidecar subjects: - kind: ServiceAccount name: statefulset-sa namespace: statefulset-namespace
You can find full working examples here.