From 52882f1bb5f5011759ffb76e63cb0d15b84a484c Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Sun, 12 Apr 2026 11:36:33 -0300
Subject: [PATCH] maintenance(soteria): add serviceaccount and rbac manifests

---
 services/maintenance/soteria-rbac.yaml        | 29 +++++++++++++++++++
 .../maintenance/soteria-serviceaccount.yaml   |  9 ++++++
 2 files changed, 38 insertions(+)
 create mode 100644 services/maintenance/soteria-rbac.yaml
 create mode 100644 services/maintenance/soteria-serviceaccount.yaml

diff --git a/services/maintenance/soteria-rbac.yaml b/services/maintenance/soteria-rbac.yaml
new file mode 100644
index 00000000..ebb9d831
--- /dev/null
+++ b/services/maintenance/soteria-rbac.yaml
@@ -0,0 +1,29 @@
+# services/maintenance/soteria-rbac.yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: soteria
+rules:
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims", "persistentvolumes"]
+    verbs: ["get", "list"]
+  - apiGroups: [""]
+    resources: ["secrets"]
+    verbs: ["get", "list", "create", "update", "delete"]
+  - apiGroups: ["batch"]
+    resources: ["jobs"]
+    verbs: ["get", "list", "create", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: soteria
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: soteria
+subjects:
+  - kind: ServiceAccount
+    name: soteria
+    namespace: maintenance
+
diff --git a/services/maintenance/soteria-serviceaccount.yaml b/services/maintenance/soteria-serviceaccount.yaml
new file mode 100644
index 00000000..5b19d883
--- /dev/null
+++ b/services/maintenance/soteria-serviceaccount.yaml
@@ -0,0 +1,9 @@
+# services/maintenance/soteria-serviceaccount.yaml
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: soteria
+  namespace: maintenance
+imagePullSecrets:
+  - name: harbor-regcred
+