Add service account to manage deployments in nextcloud

test/nextcloud/1.0.0/templates/_helpers.tpl

@@ -113,3 +113,10 @@ Postgres Selector labels
 app.kubernetes.io/name: {{ include "nextcloud.name" . }}-postgres
 app.kubernetes.io/instance: {{ .Release.Name }}-postgres
 {{- end }}
+
+{{/*
+Nextcloud service account
+*/}}
+{{- define "nextcloud.serviceAccountName" -}}
+{{- printf "%s-service-account" .Release.Name -}}
+{{- end -}}

test/nextcloud/1.0.0/templates/serviceaccount.yaml

@@ -0,0 +1,39 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ template "nextcloud.serviceAccountName" }}
+  namespace: {{ .Release.Namespace }}
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Name }}-service-account-role-binding
+subjects:
+- kind: ServiceAccount
+  name: {{ template "nextcloud.serviceAccountName" }}
+  namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: Role
+  name: spinupcontainers
+  apiGroup: rbac.authorization.k8s.io
+
+---
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-service-account-role
+  namespace: {{ .Release.Namespace }}
+rules:
+  - apiGroups:
+    - ""
+    - "apps"
+    resources:
+      - pods
+      - deployments
+    verbs:
+      - delete
+      - get
+      - list