Skip to content

Commit

Permalink
Merge pull request #96 from vzabawski/master
Browse files Browse the repository at this point in the history 
Add RBAC permissions to use API Priority and Fairness feature
  • Loading branch information
@baurmatt
baurmatt authored Feb 21, 2024
2 parents 1762f14 + 507f546 commit c16f00f
Showing 1 changed file with 40 additions and 0 deletions.
40 changes: 40 additions & 0 deletions helm/designate-certmanager-webhook/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -98,3 +98,43 @@ subjects:
kind: ServiceAccount
name: {{ include "designate-certmanager-webhook.fullname" . }}
namespace: {{ .Release.Namespace }}
---
# Allow using API Priority and Fairness feature
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "designate-certmanager-webhook.fullname" . }}:flowcontrol-solver
labels:
app: {{ include "designate-certmanager-webhook.name" . }}
chart: {{ include "designate-certmanager-webhook.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
- apiGroups:
- flowcontrol.apiserver.k8s.io
resources:
- 'flowschemas'
- 'prioritylevelconfigurations'
verbs:
- 'get'
- 'watch'
- 'list'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "designate-certmanager-webhook.fullname" . }}:flowcontrol-solver
labels:
app: {{ include "designate-certmanager-webhook.name" . }}
chart: {{ include "designate-certmanager-webhook.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "designate-certmanager-webhook.fullname" . }}:flowcontrol-solver
subjects:
- apiGroup: ""
kind: ServiceAccount
name: {{ include "designate-certmanager-webhook.fullname" . }}
namespace: {{ .Release.Namespace }}

0 comments on commit c16f00f

Please sign in to comment.