github.com/GoogleContainerTools/kpt@v1.0.0-beta.50.0.20240520170205-c25345ffcbee/package-examples/cert-manager-basic/cert-manager/clusterrole-cert-manager-controller-ingress-shim.yaml (about) 1 # Source: cert-manager/templates/rbac.yaml 2 # ingress-shim controller role 3 apiVersion: rbac.authorization.k8s.io/v1 4 kind: ClusterRole 5 metadata: 6 name: cert-manager-controller-ingress-shim 7 labels: 8 app: cert-manager 9 app.kubernetes.io/name: cert-manager 10 app.kubernetes.io/instance: cert-manager 11 app.kubernetes.io/component: "controller" 12 app.kubernetes.io/version: "v1.8.2" 13 rules: 14 - apiGroups: ["cert-manager.io"] 15 resources: ["certificates", "certificaterequests"] 16 verbs: ["create", "update", "delete"] 17 - apiGroups: ["cert-manager.io"] 18 resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"] 19 verbs: ["get", "list", "watch"] 20 - apiGroups: ["networking.k8s.io"] 21 resources: ["ingresses"] 22 verbs: ["get", "list", "watch"] 23 # We require these rules to support users with the OwnerReferencesPermissionEnforcement 24 # admission controller enabled: 25 # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement 26 - apiGroups: ["networking.k8s.io"] 27 resources: ["ingresses/finalizers"] 28 verbs: ["update"] 29 - apiGroups: ["gateway.networking.k8s.io"] 30 resources: ["gateways", "httproutes"] 31 verbs: ["get", "list", "watch"] 32 - apiGroups: ["gateway.networking.k8s.io"] 33 resources: ["gateways/finalizers", "httproutes/finalizers"] 34 verbs: ["update"] 35 - apiGroups: [""] 36 resources: ["events"] 37 verbs: ["create", "patch"] 38