github.com/wmuizelaar/kpt@v0.0.0-20221018115725-bd564717b2ed/package-examples/cert-manager-basic/cert-manager/clusterrole-cert-manager-controller-certificates.yaml

github.com/wmuizelaar/kpt@v0.0.0-20221018115725-bd564717b2ed/package-examples/cert-manager-basic/cert-manager/clusterrole-cert-manager-controller-certificates.yaml (about)

     1  # Source: cert-manager/templates/rbac.yaml
     2  # Certificates controller role
     3  apiVersion: rbac.authorization.k8s.io/v1
     4  kind: ClusterRole
     5  metadata:
     6    name: cert-manager-controller-certificates
     7    labels:
     8      app: cert-manager
     9      app.kubernetes.io/name: cert-manager
    10      app.kubernetes.io/instance: cert-manager
    11      app.kubernetes.io/component: "controller"
    12      app.kubernetes.io/version: "v1.8.2"
    13  rules:
    14    - apiGroups: ["cert-manager.io"]
    15      resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
    16      verbs: ["update", "patch"]
    17    - apiGroups: ["cert-manager.io"]
    18      resources: ["certificates", "certificaterequests", "clusterissuers", "issuers"]
    19      verbs: ["get", "list", "watch"]
    20    # We require these rules to support users with the OwnerReferencesPermissionEnforcement
    21    # admission controller enabled:
    22    # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
    23    - apiGroups: ["cert-manager.io"]
    24      resources: ["certificates/finalizers", "certificaterequests/finalizers"]
    25      verbs: ["update"]
    26    - apiGroups: ["acme.cert-manager.io"]
    27      resources: ["orders"]
    28      verbs: ["create", "delete", "get", "list", "watch"]
    29    - apiGroups: [""]
    30      resources: ["secrets"]
    31      verbs: ["get", "list", "watch", "create", "update", "delete", "patch"]
    32    - apiGroups: [""]
    33      resources: ["events"]
    34      verbs: ["create", "patch"]
    35