weiguoqiang/cert-manager
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

Add seperate rules for leases and configmaps

Browse Source 
Signed-off-by: Tamal Saha <tamal@appscode.com>
This commit is contained in:
Tamal Saha 2021-05-13 10:33:58 -07:00
parent a744db675d
commit 1f0e9d4f17
2 changed files with 26 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
deploy/charts/cert-manager/templates/cainjector-rbac.yaml
View File

@ -74,13 +74,22 @@ rules:
# see cmd/cainjector/start.go#L113
# cert-manager-cainjector-leader-election-core is used by the SecretBased injector controller
# see cmd/cainjector/start.go#L137
- apiGroups: ["coordination.k8s.io", ""]
resources: ["leases", "configmaps"]
# See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
verbs: ["get", "update", "patch"]
- apiGroups: ["coordination.k8s.io", ""]
resources: ["leases", "configmaps"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
resourceNames: ["cert-manager-cainjector-leader-election", "cert-manager-cainjector-leader-election-core"]
verbs: ["get", "update", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create"]
---
# grant cert-manager permission to manage the leaderelection configmap in the

18
deploy/charts/cert-manager/templates/rbac.yaml
View File

@ -14,13 +14,21 @@ metadata:
helm.sh/chart: {{ include "cert-manager.chart" . }}
rules:
# Used for leader election by the controller
- apiGroups: ["coordination.k8s.io", ""]
resources: ["leases", "configmaps"]
verbs: ["create"]
- apiGroups: ["coordination.k8s.io", ""]
resources: ["leases", "configmaps"]
# See also: https://github.com/kubernetes-sigs/controller-runtime/pull/1144#discussion_r480173688
- apiGroups: [""]
resources: ["configmaps"]
resourceNames: ["cert-manager-controller"]
verbs: ["get", "update", "patch"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
resourceNames: ["cert-manager-controller"]
verbs: ["get", "update", "patch"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["create"]
---