fix(infra): restart API deployment and grant RBAC for farh-net agent

Add restart annotation to trigger Flux-driven rollout so the API picks up the alpine/git init container fix (ef79ca2). Also add a deploy-manager Role and RoleBinding so the farh-net:farh-net-paperclip SA can manage deployments in the hightower namespace going forward. Resolves FAR-112. Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-04-21 12:43:43 +00:00
parent b72639e260
commit ec210b3c92
2 changed files with 26 additions and 0 deletions
@@ -14,6 +14,8 @@ spec:
    metadata:
      labels:
        app: hightower-api
+      annotations:
+        kubectl.kubernetes.io/restartedAt: "2026-04-21T12:45:00Z"
    spec:
      serviceAccountName: hightower-api
      containers:
@@ -27,3 +27,27 @@ roleRef:
  kind: Role
  name: hightower-api
  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: hightower-deploy-manager
+  namespace: hightower
+rules:
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "watch", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: farh-net-deploy-manager
+  namespace: hightower
+subjects:
+  - kind: ServiceAccount
+    name: farh-net-paperclip
+    namespace: farh-net
+roleRef:
+  kind: Role
+  name: hightower-deploy-manager
+  apiGroup: rbac.authorization.k8s.io