Skip to content

Commit

Permalink
Add a Firefly clusterrole and clusterrolebinding to the venafi-kubern…
Browse files Browse the repository at this point in the history 
…etes-agent chart

Signed-off-by: Richard Wall <richard.wall@venafi.com>
  • Loading branch information
@wallrj
wallrj committed Nov 12, 2024
1 parent 1f00f09 commit a9ae67c
Showing 1 changed file with 27 additions and 0 deletions.
27 changes: 27 additions & 0 deletions deploy/charts/venafi-kubernetes-agent/templates/rbac.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -288,3 +288,30 @@ subjects:
- kind: ServiceAccount
name: {{ include "venafi-kubernetes-agent.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "venafi-kubernetes-agent.fullname" . }}-firefly-reader
labels:
{{- include "venafi-kubernetes-agent.labels" . | nindent 4 }}
rules:
- apiGroups: ["firefly.venafi.com"]
resources:
- issuers
verbs: ["get", "list", "watch"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "venafi-kubernetes-agent.fullname" . }}-firefly-reader
labels:
{{- include "venafi-kubernetes-agent.labels" . | nindent 4 }}
roleRef:
kind: ClusterRole
name: {{ include "venafi-kubernetes-agent.fullname" . }}-firefly-reader
apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
name: {{ include "venafi-kubernetes-agent.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}

0 comments on commit a9ae67c

Please sign in to comment.