[cert-manager] Fix missing RBAC rules for ClusterRole cert-manager-cainjector kubernetes-sigs#8104. (#8444)

pull/8457/head
onock 2022-01-20 21:17:09 +01:00 committed by GitHub
parent 6e2e61012a
commit 392815d97c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 3 deletions

View File

@ -93,6 +93,12 @@ rules:
- apiGroups: ["auditregistration.k8s.io"]
resources: ["auditsinks"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create", "get", "update"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create", "get", "update"]
---
# Source: cert-manager/templates/rbac.yaml
# Issuer controller role
@ -661,7 +667,7 @@ rules:
---
# Source: cert-manager/templates/rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
kind: ClusterRole
metadata:
name: cert-manager:leaderelection
namespace: {{ cert_manager_leader_election_namespace }}
@ -739,7 +745,7 @@ subjects:
# grant cert-manager permission to manage the leaderelection configmap in the
# leader election namespace
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
kind: ClusterRoleBinding
metadata:
name: cert-manager:leaderelection
namespace: {{ cert_manager_leader_election_namespace }}
@ -751,7 +757,7 @@ metadata:
app.kubernetes.io/version: "{{ cert_manager_version }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
kind: ClusterRole
name: cert-manager:leaderelection
subjects:
- apiGroup: ""