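# Grant the cert-manager cainjector ServiceAccount permission to manage the
# leader-election ConfigMap in the leader election namespace.
#
# A RoleBinding is namespaced and can only reference a Role in its own
# namespace. No metadata.namespace is set here, so the namespace this binding
# lands in is decided by whatever applies the manifest.
# NOTE(review): confirm that it is the leader election namespace and that the
# Role named in roleRef exists there.
#
# rbac.authorization.k8s.io/v1beta1 is no longer served as of Kubernetes 1.22;
# v1 uses the same RoleBinding schema.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cert-manager-cainjector:leaderelection
  labels:
    app: cainjector
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cert-manager-cainjector:leaderelection
subjects:
  # ServiceAccount belongs to the core API group, hence the empty apiGroup.
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager-cainjector
    # Placeholder (looks like a Kustomize var reference) that must be
    # substituted before apply; left as-is it names no real namespace and
    # the binding grants nothing to the intended ServiceAccount.
    namespace: $(certManagerNamespace)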
---
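# Grant the cert-manager controller ServiceAccount permission to manage the
# leader-election ConfigMap in the leader election namespace.
#
# A RoleBinding is namespaced and can only reference a Role in its own
# namespace. No metadata.namespace is set here, so the namespace this binding
# lands in is decided by whatever applies the manifest.
# NOTE(review): confirm that it is the leader election namespace and that the
# Role named in roleRef exists there.
#
# rbac.authorization.k8s.io/v1beta1 is no longer served as of Kubernetes 1.22;
# v1 uses the same RoleBinding schema.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cert-manager:leaderelection
  labels:
    app: cert-manager
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: cert-manager:leaderelection
subjects:
  # ServiceAccount belongs to the core API group, hence the empty apiGroup.
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager
    # Placeholder (looks like a Kustomize var reference) that must be
    # substituted before apply; left as-is it names no real namespace and
    # the binding grants nothing to the intended ServiceAccount.
    namespace: $(certManagerNamespace)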
---
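# The webhook, acting as an extension API server, gets the ability to read
# authentication configuration. This binding allows it to read the specific
# ConfigMap that holds the requestheader-* entries used for API aggregation.
#
# The extension-apiserver-authentication-reader Role is a built-in Role in
# kube-system, and a RoleBinding can only reference a Role in its own
# namespace. No metadata.namespace is set here.
# NOTE(review): confirm the applying tool places this binding in kube-system;
# anywhere else the roleRef does not resolve to the built-in Role.
#
# rbac.authorization.k8s.io/v1beta1 is no longer served as of Kubernetes 1.22;
# v1 uses the same RoleBinding schema.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cert-manager-webhook:webhook-authentication-reader
  labels:
    app: webhook
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: extension-apiserver-authentication-reader
subjects:
  # ServiceAccount belongs to the core API group, hence the empty apiGroup.
  # Only the webhook's own ServiceAccount is bound.
  - apiGroup: ""
    kind: ServiceAccount
    name: cert-manager-webhook
    # Placeholder (looks like a Kustomize var reference) that must be
    # substituted before apply; left as-is it names no real namespace and
    # the binding grants nothing to the intended ServiceAccount.
    namespace: $(certManagerNamespace)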