diff options
Diffstat (limited to 'kubernetes/common/roles-wrapper/templates/role.yaml')
-rw-r--r-- | kubernetes/common/roles-wrapper/templates/role.yaml | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml index e2a84b4151..0be6c7bbd6 100644 --- a/kubernetes/common/roles-wrapper/templates/role.yaml +++ b/kubernetes/common/roles-wrapper/templates/role.yaml @@ -32,6 +32,7 @@ rules: resources: - pods - deployments + - deployments/status - jobs - jobs/status - statefulsets @@ -52,6 +53,7 @@ rules: resources: - pods - deployments + - deployments/status - jobs - jobs/status - statefulsets @@ -59,6 +61,7 @@ rules: - replicasets/status - daemonsets - secrets + - services verbs: - get - watch @@ -68,6 +71,7 @@ rules: - apps resources: - statefulsets + - configmaps verbs: - patch - apiGroups: @@ -76,6 +80,8 @@ rules: resources: - deployments - secrets + - services + - pods verbs: - create - apiGroups: @@ -85,7 +91,8 @@ rules: - pods - persistentvolumeclaims - secrets - - deployment + - deployments + - services verbs: - delete - apiGroups: @@ -95,6 +102,13 @@ rules: - pods/exec verbs: - create +- apiGroups: + - cert-manager.io + resources: + - certificates + verbs: + - create + - delete {{- else }} # if you don't match read or create, then you're not allowed to use API # except to see basic information about yourself |