Allow secret creation

Author: jpreese

README.md

@@ -132,6 +132,7 @@ One `ClusterRoleBinding` per name in the `owners` field. Bindings are added and
 |Verbs|API Groups|Resources|
 |---|---|---|
 |*|core|pods, pods/log, pods/portforward, services, services/finalizers, endpoints, persistentvolumeclaims, events, configmaps, replicationcontrollers|
+|create|core|secrets|
 |*|apps, extensions|deployments, daemonsets, replicasets, statefulsets|
 |*|autoscaling|horizontalpodautoscalers|
 |*|batch|jobs, cronjobs|

controller/sandbox.go

@@ -252,6 +252,13 @@ func getRole(sandbox operatorsv1alpha1.Sandbox) rbacv1.Role {
 					"rolebindings",
 				},
 			},
+			rbacv1.PolicyRule{
+				Verbs:     []string{"create"},
+				APIGroups: []string{""},
+				Resources: []string{
+					"secrets",
+				},
+			},
 		},
 	}