Updated rbac.yaml

Chris Stuurman 2024-03-27 21:14:18 +02:00
parent be59e240cb
commit fd6cec29d0


@ -9,6 +9,46 @@ metadata:
release: {{ .Release.Name }} release: {{ .Release.Name }}
heritage: {{ .Release.Service }} heritage: {{ .Release.Service }}
--- ---
# Grant the webhook permission to read the secrets containing the credentials
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "sthome-webhook.fullname" . }}:secrets-reader
namespace: {{ .Release.Namespace }}
labels:
app: {{ include "sthome-webhook.name" . }}
chart: {{ include "sthome-webhook.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- ''
resources:
- 'secrets'
verbs:
- 'get'
---
# Grant the webhook permission to read the secrets containing the credentials
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "sthome-webhook.fullname" . }}:secrets-reader
namespace: {{ .Release.Namespace }}
labels:
app: {{ include "sthome-webhook.name" . }}
chart: {{ include "sthome-webhook.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "sthome-webhook.fullname" . }}:secrets-reader
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ include "sthome-webhook.fullname" . }}
namespace: {{ .Release.Namespace }}
---
# Grant the webhook permission to read the ConfigMap containing the Kubernetes # Grant the webhook permission to read the ConfigMap containing the Kubernetes
# apiserver's requestheader-ca-certificate. # apiserver's requestheader-ca-certificate.
# This ConfigMap is automatically created by the Kubernetes apiserver. # This ConfigMap is automatically created by the Kubernetes apiserver.
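Review bot: The new `secrets-reader` Role allows `get` on every Secret in `{{ .Release.Namespace }}` because its rule has no `resourceNames`. The webhook's ServiceAccount can therefore read any Secret it can name in that namespace, not only the credentials the comment refers to. If the credential Secret's name is known at install time, restrict the rule with `resourceNames: ['<credentials-secret-name>']` (a placeholder, since the real name or values key is not visible on this page). If the release namespace is shared with other components, the comment above the Role should say so, so the scope of the grant is clear to whoever installs the chart. The RoleBinding repeats the Role's comment and could instead read `# Bind the secrets-reader Role to the webhook's ServiceAccount`.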