Skip to content

Commit

Permalink
Add RBAC permissions to use API Priority and Fairness feature
Browse files Browse the repository at this point in the history 
Changes:

- Add clusterrole and binding to provide permission for accessing flowschemas and prioritylevelconfigurations.

Related: syseleven#94
  • Loading branch information
Valery Zabauski committed May 16, 2023
1 parent ee97bc1 commit 507f546
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions helm/designate-certmanager-webhook/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,3 +98,43 @@ subjects:
kind: ServiceAccount
name: {{ include "designate-certmanager-webhook.fullname" . }}
namespace: {{ .Release.Namespace }}
---
# Allow using API Priority and Fairness feature
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "designate-certmanager-webhook.fullname" . }}:flowcontrol-solver
labels:
app: {{ include "designate-certmanager-webhook.name" . }}
chart: {{ include "designate-certmanager-webhook.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- flowcontrol.apiserver.k8s.io
resources:
- 'flowschemas'
- 'prioritylevelconfigurations'
verbs:
- 'get'
- 'watch'
- 'list'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "designate-certmanager-webhook.fullname" . }}:flowcontrol-solver
labels:
app: {{ include "designate-certmanager-webhook.name" . }}
chart: {{ include "designate-certmanager-webhook.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "designate-certmanager-webhook.fullname" . }}:flowcontrol-solver
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ include "designate-certmanager-webhook.fullname" . }}
namespace: {{ .Release.Namespace }}

0 comments on commit 507f546

Please sign in to comment.