From b3451396a3a91c4bd66b7b5f4b1bc31a96112c0d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1rcio=20Fernandes?= <marcio.fernandes@outlook.pt>
Date: Sat, 22 Nov 2025 19:03:54 +0000
Subject: [PATCH] modified:   README.md modified:   deploy/lms-deploy.yaml new
 file:   deploy/rbac.yaml

---
 README.md              |  9 ++++++---
 deploy/lms-deploy.yaml |  7 -------
 deploy/rbac.yaml       | 32 ++++++++++++++++++++++++++++++++
 3 files changed, 38 insertions(+), 10 deletions(-)
 create mode 100644 deploy/rbac.yaml

diff --git a/README.md b/README.md
index df260ce..d4b281e 100644
--- a/README.md
+++ b/README.md
@@ -7,7 +7,7 @@ Currently hosted on [homesrv01.dev.lan](/marcio.fernandes/homesrv01.dev.lan).
 <!-- omit in toc -->
 ## Table of Contents
 
-- [Docker](#docker)
+- [Namespace](#namespace)
   - [Volumes](#volumes)
     - [data](#data)
     - [music](#music)
@@ -15,9 +15,12 @@ Currently hosted on [homesrv01.dev.lan](/marcio.fernandes/homesrv01.dev.lan).
 - [Clients](#clients)
 - [Links](#links)
 
-## Docker
+## Namespace
 
-[Docker Compose](./docker-compose.yml)
+```bash { cwd=../ terminalRows=15 }
+# from repo root folder
+kubectl create namespace lms
+```
 
 ### Volumes
 
diff --git a/deploy/lms-deploy.yaml b/deploy/lms-deploy.yaml
index 7d253dd..da53229 100644
--- a/deploy/lms-deploy.yaml
+++ b/deploy/lms-deploy.yaml
@@ -1,10 +1,3 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: lyrionmusicserver
-
----
-
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/deploy/rbac.yaml b/deploy/rbac.yaml
new file mode 100644
index 0000000..8d641d5
--- /dev/null
+++ b/deploy/rbac.yaml
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: lyrionmusicserver
+  name: ci-cd
+rules:
+- apiGroups: [""]
+  resources: ["pods", "services", "secrets", "configmaps", "persistentvolumeclaims", "endpoints"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["apps"]
+  resources: ["deployments", "statefulsets"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+- apiGroups: ["traefik.io"]
+  resources: ["ingressroutes"]
+  verbs: ["get", "watch", "list", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name:  ci-cd
+  namespace: lyrionmusicserver
+subjects:
+- kind: ServiceAccount
+  name: casa-ci-cd
+  namespace: home-assistant
+roleRef:
+  kind: Role
+  name: ci-cd
+  apiGroup: rbac.authorization.k8s.io