weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #343 from munnerz/rbac-endpoints

Browse Source 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Add Endpoints back into the cert-manager RBAC policy

**What this PR does / why we need it**:

Adds permission to CRUD Endpoints resources back into the cert-manager RBAC role. This is to prevent deployments using the 'master' version of the Helm chart failing when deploying a pre-0.3 (unreleased) release of cert-manager.

We will remove this in 0.4. This is in order to reduce friction for new users if they forget/decide not to use a tagged release of the Helm chart.

**Release note**:
```release-note
NONE
```

/cc @davecheney @mikebryant
This commit is contained in:
jetstack-ci-bot 2018-02-25 20:19:02 +00:00 committed by GitHub
commit 010e6c87e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
contrib/charts/cert-manager/templates/rbac.yaml
View File

@ -13,7 +13,12 @@ rules:
resources: ["certificates", "issuers", "clusterissuers"]
verbs: ["*"]
- apiGroups: [""]
resources: ["configmaps", "secrets", "events", "services", "pods"]
# TODO: remove endpoints once 0.4 is released. We include it here in case
# users use the 'master' version of the Helm chart with a 0.2.x release of
# cert-manager that still performs leader election with Endpoint resources.
# We advise users don't do this, but some will anyway and this will reduce
# friction.
resources: ["endpoints", "configmaps", "secrets", "events", "services", "pods"]
verbs: ["*"]
- apiGroups: ["extensions"]
resources: ["ingresses"]

7
docs/deploy/rbac/rbac.yaml
View File

@ -14,7 +14,12 @@ rules:
resources: ["certificates", "issuers", "clusterissuers"]
verbs: ["*"]
- apiGroups: [""]
resources: ["configmaps", "secrets", "events", "services", "pods"]
# TODO: remove endpoints once 0.4 is released. We include it here in case
# users use the 'master' version of the Helm chart with a 0.2.x release of
# cert-manager that still performs leader election with Endpoint resources.
# We advise users don't do this, but some will anyway and this will reduce
# friction.
resources: ["endpoints", "configmaps", "secrets", "events", "services", "pods"]
verbs: ["*"]
- apiGroups: ["extensions"]
resources: ["ingresses"]