Adds rbac rules for certificaterequests in deploy

Signed-off-by: JoshVanL <vleeuwenjoshua@gmail.com>
2019-07-03 19:03:44 +01:00 · 2019-07-03 19:03:44 +01:00 · 89189457a0
commit 89189457a0
parent 98d5725eea
3 changed files with 8 additions and 7 deletions
--- a/deploy/charts/cert-manager/cainjector/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/cainjector/templates/rbac.yaml
@ -10,7 +10,7 @@ metadata:
    heritage: {{ .Release.Service }}
 rules:
  - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates"]
+    resources: ["certificates", "certificaterequests"]
    verbs: ["get", "list", "watch"]
  - apiGroups: [""]
    resources: ["secrets"]
--- a/deploy/charts/cert-manager/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/templates/rbac.yaml
@ -81,10 +81,10 @@ metadata:
    heritage: {{ .Release.Service }}
 rules:
  - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "certificates/status"]
+    resources: ["certificates", "certificates/status", "certificaterequests", "certificaterequests/status"]
    verbs: ["update"]
  - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "clusterissuers", "issuers", "orders"]
+    resources: ["certificates", "certificaterequests", "clusterissuers", "issuers", "orders"]
    verbs: ["get", "list", "watch"]
  # We require these rules to support users with the OwnerReferencesPermissionEnforcement
  # admission controller enabled:
@ -206,10 +206,10 @@ metadata:
    heritage: {{ .Release.Service }}
 rules:
  - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates"]
+    resources: ["certificates", "certificaterequests"]
    verbs: ["create", "update", "delete"]
  - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "issuers", "clusterissuers"]
+    resources: ["certificates", "certificaterequests", "issuers", "clusterissuers"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["extensions"]
    resources: ["ingresses"]
@ -380,7 +380,7 @@ metadata:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
  - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "issuers"]
+    resources: ["certificates", "certificaterequests", "issuers"]
    verbs: ["get", "list", "watch"]

 ---
@ -398,7 +398,7 @@ metadata:
    rbac.authorization.k8s.io/aggregate-to-admin: "true"
 rules:
  - apiGroups: ["certmanager.k8s.io"]
-    resources: ["certificates", "issuers"]
+    resources: ["certificates", "certificaterequests", "issuers"]
    verbs: ["create", "delete", "deletecollection", "patch", "update"]

 {{- end }}
--- a/deploy/charts/cert-manager/webhook/templates/rbac.yaml
+++ b/deploy/charts/cert-manager/webhook/templates/rbac.yaml
@ -63,6 +63,7 @@ rules:
  - admission.certmanager.k8s.io
  resources:
  - certificates
+  - certificaterequests
  - issuers
  - clusterissuers
  verbs: