[cert-manager] Fix missing RBAC rules for ClusterRole cert-manager-cainjector kubernetes-sigs#8104. (#8444)
parent
6e2e61012a
commit
392815d97c
|
@ -93,6 +93,12 @@ rules:
|
|||
- apiGroups: ["auditregistration.k8s.io"]
|
||||
resources: ["auditsinks"]
|
||||
verbs: ["get", "list", "watch", "update"]
|
||||
- apiGroups: [""]
|
||||
resources: ["configmaps"]
|
||||
verbs: ["create", "get", "update"]
|
||||
- apiGroups: ["coordination.k8s.io"]
|
||||
resources: ["leases"]
|
||||
verbs: ["create", "get", "update"]
|
||||
---
|
||||
# Source: cert-manager/templates/rbac.yaml
|
||||
# Issuer controller role
|
||||
|
@ -661,7 +667,7 @@ rules:
|
|||
---
|
||||
# Source: cert-manager/templates/rbac.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: cert-manager:leaderelection
|
||||
namespace: {{ cert_manager_leader_election_namespace }}
|
||||
|
@ -739,7 +745,7 @@ subjects:
|
|||
# grant cert-manager permission to manage the leaderelection configmap in the
|
||||
# leader election namespace
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: cert-manager:leaderelection
|
||||
namespace: {{ cert_manager_leader_election_namespace }}
|
||||
|
@ -751,7 +757,7 @@ metadata:
|
|||
app.kubernetes.io/version: "{{ cert_manager_version }}"
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
kind: ClusterRole
|
||||
name: cert-manager:leaderelection
|
||||
subjects:
|
||||
- apiGroup: ""
|
||||
|
|
Loading…
Reference in New Issue