summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/roles-wrapper
diff options
context:
space:
mode:
Diffstat (limited to 'kubernetes/common/roles-wrapper')
-rw-r--r--kubernetes/common/roles-wrapper/templates/role.yaml16
1 files changed, 15 insertions, 1 deletions
diff --git a/kubernetes/common/roles-wrapper/templates/role.yaml b/kubernetes/common/roles-wrapper/templates/role.yaml
index e2a84b4151..0be6c7bbd6 100644
--- a/kubernetes/common/roles-wrapper/templates/role.yaml
+++ b/kubernetes/common/roles-wrapper/templates/role.yaml
@@ -32,6 +32,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -52,6 +53,7 @@ rules:
resources:
- pods
- deployments
+ - deployments/status
- jobs
- jobs/status
- statefulsets
@@ -59,6 +61,7 @@ rules:
- replicasets/status
- daemonsets
- secrets
+ - services
verbs:
- get
- watch
@@ -68,6 +71,7 @@ rules:
- apps
resources:
- statefulsets
+ - configmaps
verbs:
- patch
- apiGroups:
@@ -76,6 +80,8 @@ rules:
resources:
- deployments
- secrets
+ - services
+ - pods
verbs:
- create
- apiGroups:
@@ -85,7 +91,8 @@ rules:
- pods
- persistentvolumeclaims
- secrets
- - deployment
+ - deployments
+ - services
verbs:
- delete
- apiGroups:
@@ -95,6 +102,13 @@ rules:
- pods/exec
verbs:
- create
+- apiGroups:
+ - cert-manager.io
+ resources:
+ - certificates
+ verbs:
+ - create
+ - delete
{{- else }}
# if you don't match read or create, then you're not allowed to use API
# except to see basic information about yourself