github.com/wmuizelaar/kpt@v0.0.0-20221018115725-bd564717b2ed/package-examples/cert-manager-basic/cert-manager/clusterrole-cert-manager-controller-orders.yaml

github.com/wmuizelaar/kpt@v0.0.0-20221018115725-bd564717b2ed/package-examples/cert-manager-basic/cert-manager/clusterrole-cert-manager-controller-orders.yaml (about)

     1  # Source: cert-manager/templates/rbac.yaml
     2  # Orders controller role
     3  apiVersion: rbac.authorization.k8s.io/v1
     4  kind: ClusterRole
     5  metadata:
     6    name: cert-manager-controller-orders
     7    labels:
     8      app: cert-manager
     9      app.kubernetes.io/name: cert-manager
    10      app.kubernetes.io/instance: cert-manager
    11      app.kubernetes.io/component: "controller"
    12      app.kubernetes.io/version: "v1.8.2"
    13  rules:
    14    - apiGroups: ["acme.cert-manager.io"]
    15      resources: ["orders", "orders/status"]
    16      verbs: ["update", "patch"]
    17    - apiGroups: ["acme.cert-manager.io"]
    18      resources: ["orders", "challenges"]
    19      verbs: ["get", "list", "watch"]
    20    - apiGroups: ["cert-manager.io"]
    21      resources: ["clusterissuers", "issuers"]
    22      verbs: ["get", "list", "watch"]
    23    - apiGroups: ["acme.cert-manager.io"]
    24      resources: ["challenges"]
    25      verbs: ["create", "delete"]
    26    # We require these rules to support users with the OwnerReferencesPermissionEnforcement
    27    # admission controller enabled:
    28    # https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
    29    - apiGroups: ["acme.cert-manager.io"]
    30      resources: ["orders/finalizers"]
    31      verbs: ["update"]
    32    - apiGroups: [""]
    33      resources: ["secrets"]
    34      verbs: ["get", "list", "watch"]
    35    - apiGroups: [""]
    36      resources: ["events"]
    37      verbs: ["create", "patch"]
    38