From b94577d282029fceadc9b061672c01b0153d1421 Mon Sep 17 00:00:00 2001
From: ZacharyLeahan <zachary.leahan@gmail.com>
Date: Sat, 24 May 2025 22:57:43 -0400
Subject: [PATCH 1/2] Fix PVC name to match existing production PVC

---
 choose-native-plants/release-values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/choose-native-plants/release-values.yaml b/choose-native-plants/release-values.yaml
index 2c5719f..5d939c3 100644
--- a/choose-native-plants/release-values.yaml
+++ b/choose-native-plants/release-values.yaml
@@ -56,7 +56,7 @@ resources:
 
 # Use existing resources instead of creating new ones
 existingPVCs:
-  appImages: "choose-native-plants-app-images-v2"
+  appImages: "choose-native-plants-app-images"
   mongoData: "choose-native-plants-mongo-data"
 
 # Horizontal Pod Autoscaling configuration

From a42e380f05883f9cd17301d3fcf56d3a523bb1e7 Mon Sep 17 00:00:00 2001
From: ZacharyLeahan <zachary.leahan@gmail.com>
Date: Sun, 25 May 2025 08:19:19 -0400
Subject: [PATCH 2/2] Clean up YAML formatting and update RBAC permissions for
 troubleshooting in choose-native-plants namespace

---
 admins/choose-native-plants.yaml | 34 +++++++++++++++++++++++++-------
 1 file changed, 27 insertions(+), 7 deletions(-)

diff --git a/admins/choose-native-plants.yaml b/admins/choose-native-plants.yaml
index ec248b5..8aa6fbc 100644
--- a/admins/choose-native-plants.yaml
+++ b/admins/choose-native-plants.yaml
@@ -2,23 +2,20 @@ apiVersion: v1
 kind: Namespace
 metadata:
   name: choose-native-plants
-
 ---
-
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: deployment-admin
   namespace: choose-native-plants
-
 ---
-
 kind: Role
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: deployment-admin
   namespace: choose-native-plants
 rules:
+# Chris's original permissions (unchanged)
 - apiGroups: [""]
   resources: ["pods"]
   verbs: ["get", "watch", "list", "delete"]
@@ -28,9 +25,32 @@ rules:
 - apiGroups: [""]
   resources: ["pods/log"]
   verbs: ["get"]
-
+# Additional read-only permissions for troubleshooting (Zach's need to troubleshoot prod)
+- apiGroups: [""]
+  resources: ["events"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["apps", "extensions"]
+  resources: ["deployments", "replicasets", "statefulsets"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["configmaps", "persistentvolumeclaims", "services"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["ingresses"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["endpoints", "serviceaccounts"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["networking.k8s.io"]
+  resources: ["networkpolicies"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["batch"]
+  resources: ["jobs", "cronjobs"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: ["rbac.authorization.k8s.io"]
+  resources: ["roles", "rolebindings"]
+  verbs: ["get", "list", "watch"]
 ---
-
 kind: RoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
@@ -43,4 +63,4 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: deployment-admin
+  name: deployment-admin
\ No newline at end of file