github.com/GoogleContainerTools/kpt@v1.0.0-beta.50.0.20240520170205-c25345ffcbee/package-examples/cert-manager-basic/cert-manager/clusterrole-cert-manager-controller-certificatesigningrequests.yaml

github.com/GoogleContainerTools/kpt@v1.0.0-beta.50.0.20240520170205-c25345ffcbee/package-examples/cert-manager-basic/cert-manager/clusterrole-cert-manager-controller-certificatesigningrequests.yaml (about)

     1  # Source: cert-manager/templates/rbac.yaml
     2  # Permission to:
     3  # - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers
     4  # - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers
     5  apiVersion: rbac.authorization.k8s.io/v1
     6  kind: ClusterRole
     7  metadata:
     8    name: cert-manager-controller-certificatesigningrequests
     9    labels:
    10      app: cert-manager
    11      app.kubernetes.io/name: cert-manager
    12      app.kubernetes.io/instance: cert-manager
    13      app.kubernetes.io/component: "cert-manager"
    14      app.kubernetes.io/version: "v1.8.2"
    15  rules:
    16    - apiGroups: ["certificates.k8s.io"]
    17      resources: ["certificatesigningrequests"]
    18      verbs: ["get", "list", "watch", "update"]
    19    - apiGroups: ["certificates.k8s.io"]
    20      resources: ["certificatesigningrequests/status"]
    21      verbs: ["update", "patch"]
    22    - apiGroups: ["certificates.k8s.io"]
    23      resources: ["signers"]
    24      resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
    25      verbs: ["sign"]
    26    - apiGroups: ["authorization.k8s.io"]
    27      resources: ["subjectaccessreviews"]
    28      verbs: ["create"]
    29