From 202271d18dc1387f516214d599c47155720f8ab7 Mon Sep 17 00:00:00 2001
From: Antoine Cotten
Date: Wed, 4 Oct 2017 16:16:31 +0200
Subject: [PATCH] elasticsearch: Add Role and RoleBinding for RBAC
---
 staging/elasticsearch/README.md | 7 +++++++
 staging/elasticsearch/rbac.yaml | 25 +++++++++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 staging/elasticsearch/rbac.yaml
diff --git a/staging/elasticsearch/README.md b/staging/elasticsearch/README.md
index a37f0447..b550b631 100644
--- a/staging/elasticsearch/README.md
+++ b/staging/elasticsearch/README.md
@@ -21,6 +21,13 @@ kubectl create -f staging/elasticsearch/es-svc.yaml kubectl create -f staging/elasticsearch/es-rc.yaml ```
+The [io.fabric8:elasticsearch-cloud-kubernetes](https://github.com/fabric8io/elasticsearch-cloud-kubernetes) plugin requires limited access to the Kubernetes API in order to fetch the list of Elasticsearch endpoints.
+If your cluster has the RBAC authorization mode enabled, create the additional `Role` and `RoleBinding` with:
+
+```
+kubectl create -f staging/elasticsearch/rbac.yaml
+```
+
 Let's see if it worked: ```
diff --git a/staging/elasticsearch/rbac.yaml b/staging/elasticsearch/rbac.yaml
new file mode 100644
index 00000000..53dc6326
--- /dev/null
+++ b/staging/elasticsearch/rbac.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+ name: elasticsearch
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+ name: elasticsearch
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: elasticsearch
+subjects:
+- kind: ServiceAccount
+ name: elasticsearch
+ namespace: default
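Review bot: The RoleBinding subject in rbac.yaml pins `namespace: default`, but neither the Role nor the RoleBinding sets `metadata.namespace`, so `kubectl create -f` places both objects in whatever namespace the caller's context selects. When that is not `default`, the binding gives the `default/elasticsearch` ServiceAccount read access to endpoints in a different namespace, and the Elasticsearch pods deployed alongside the Role presumably get no grant at all. Adding `namespace: default` under both `metadata:` blocks, or stating in the README that the manifests assume `default`, keeps the grant and the workload aligned. The rule could also be narrowed with a `resourceNames:` list naming only the Elasticsearch Service's endpoints object (its name is not visible in this diff), since `get` on `endpoints` otherwise covers every Service in the namespace.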