Grant the webhook permission to read the api-token Secret in the specified namespace.

Joe Hanson 2023-06-02 11:11:31 -04:00 committed by GitHub
parent aa58888131
commit 9b8c1e70b6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -9,6 +9,31 @@ metadata:
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
---
# Grant the webhook permission to read the api-token Secret in the specified namespace.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
namespace: {{ .Release.Namespace | quote }}
name: {{ include "dnsimple-webhook.fullname" . }}:access-secret
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "watch"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dnsimple-webhook.fullname" . }}:access-secret
namespace: {{ .Release.Namespace | quote }}
subjects:
- kind: ServiceAccount
name: {{ include "dnsimple-webhook.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
roleRef:
kind: Role
name: {{ include "dnsimple-webhook.fullname" . }}:access-secret
apiGroup: rbac.authorization.k8s.io
---
# Grant the webhook permission to read the ConfigMap containing the Kubernetes
# apiserver's requestheader-ca-certificate.
# This ConfigMap is automatically created by the Kubernetes apiserver.
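Review bot: The new Role's rule (`resources: ["secrets"]`, `verbs: ["get", "watch"]`) carries no `resourceNames`, so the webhook's ServiceAccount can read every Secret in the release namespace rather than only the api-token Secret its comment names. If the chart is installed into the same namespace as cert-manager (not visible from this hunk), that would include any issuer or CA key material stored there. I would scope the rule with `resourceNames: ["<api-token-secret-name>"]` (placeholder; the real name would have to come from a chart value) and drop `watch` unless the webhook actually opens one, since a watch is only constrained by `resourceNames` when the client selects on `metadata.name`. If the Secret name cannot be known at install time, the comment above the Role should say so plainly, e.g. `# NOTE: this grants get/watch on every Secret in the release namespace.`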