Include extra RBAC.

Joseph Hanson 2024-04-03 12:38:35 -05:00
parent 8b39dc81fc
commit c5c196f3ee
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o


@ -22,6 +22,32 @@ rules:
verbs:
- 'create'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: flow-schema-reader
labels:
app: cert-manager-webhook-dnsimple
rules:
- apiGroups: ["flowcontrol.apiserver.k8s.io"]
resources: ["flowschemas", "prioritylevelconfigurations"]
verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: grant-flow-schema-permission
labels:
app: cert-manager-webhook-dnsimple
subjects:
- kind: ServiceAccount
name: webhook-dnsimple
namespace: cert-manager
roleRef:
kind: ClusterRole
name: flow-schema-reader
apiGroup: rbac.authorization.k8s.io
---
# apiserver gets the auth-delegator role to delegate auth decisions to the core apiserver
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
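Review bot: The `metadata.name` values of the two new documents, `flow-schema-reader` and `grant-flow-schema-permission`, are generic cluster-scoped names, so another chart or manifest that ships objects with the same names will overwrite these or be overwritten by them, and a replaced binding changes which subject holds the grant. Naming them after the app, for example `name: cert-manager-webhook-dnsimple:flow-schema-reader` with a matching `roleRef.name`, keeps ownership unambiguous. The subject is also pinned to `webhook-dnsimple` in namespace `cert-manager`. The Deployment is not visible in this hunk, so confirm that its `serviceAccountName` and install namespace match, because a mismatch leaves the binding pointing at an account that does not exist yet and that anyone who later creates it would inherit. The rule itself is read-only (`list`, `watch`), and a one-line comment above the role, such as `# read-only access to API Priority and Fairness objects for the webhook's API server (presumed purpose, confirm)`, would record why it was added.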