penguin/webhook-freedns
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed RBAC issues on 1.23.0 <=

Browse Source
This commit is contained in:
斟酌 鵬兄 2022-03-14 17:25:30 +09:00
parent 3eea4a96a6
commit c2272e3816
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
deploy/freedns-webhook/templates/rbac.yaml
View File

@ -88,3 +88,42 @@ subjects:
kind: ServiceAccount kind: ServiceAccount
name: {{ .Values.certManager.serviceAccountName }} name: {{ .Values.certManager.serviceAccountName }}
namespace: {{ .Values.certManager.namespace }} namespace: {{ .Values.certManager.namespace }}
---
# Grant pod account permission to validate using our apiserver
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "freedns-webhook.fullname" . }}:flowcontrol
labels:
app: {{ include "freedns-webhook.name" . }}
chart: {{ include "freedns-webhook.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- "flowcontrol.apiserver.k8s.io"
resources:
- 'prioritylevelconfigurations'
- 'flowschemas'
verbs:
- 'list'
- 'watch'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "freedns-webhook.fullname" . }}:flowcontrol
labels:
app: {{ include "freedns-webhook.name" . }}
chart: {{ include "freedns-webhook.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "freedns-webhook.fullname" . }}:flowcontrol
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ include "freedns-webhook.fullname" . }}
namespace: {{ .Release.Namespace }}