Fix rbac issues with dnsimple cert issuer.

This commit is contained in:
Joseph Hanson 2023-08-15 13:26:27 +00:00
parent 385fa5377c
commit 623867a559
3 changed files with 23 additions and 4 deletions

View file

@ -0,0 +1,22 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: flow-schema-reader
rules:
- apiGroups: ["flowcontrol.apiserver.k8s.io"]
resources: ["flowschemas", "prioritylevelconfigurations"]
verbs: ["list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: grant-flow-schema-permission
subjects:
- kind: ServiceAccount
name: dnsimple-issuer-cert-manager-webhook-dnsimple
namespace: cert-manager
roleRef:
kind: ClusterRole
name: flow-schema-reader
apiGroup: rbac.authorization.k8s.io

View file

@ -6,4 +6,5 @@ resources:
- ./externalsecret.yaml - ./externalsecret.yaml
- ./issuer-letsencrypt-prod.yaml - ./issuer-letsencrypt-prod.yaml
- ./issuer-letsencrypt-staging.yaml - ./issuer-letsencrypt-staging.yaml
- ./dnsimple-issuer-rbac.yaml
- ./helmrelease.yaml - ./helmrelease.yaml

View file

@ -25,10 +25,6 @@ spec:
sourceRef: sourceRef:
kind: GitRepository kind: GitRepository
name: valinor name: valinor
decryption:
provider: sops
secretRef:
name: sops-age
wait: true wait: true
dependsOn: dependsOn:
- name: cluster-apps-external-secrets - name: cluster-apps-external-secrets