djkormo / adcs-issuer

BSD 3-Clause "New" or "Revised" License

Correct RBAC permission for cert-manager #12

Closed djkormo closed 11 months ago

djkormo commented 1 year ago

For cert-manager deployed via the Helm chart, it is important to correct RBAC permissions for accepting and denying ADCS issuers.

https://cert-manager.io/docs/concepts/certificaterequest/

djkormo commented 1 year ago
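
```yaml
---
# ClusterRole: lets its subjects approve or deny CertificateRequests
# for signers in the cert-manager.io API group.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cert-manager-controller-approve-adcs
rules:
- apiGroups:
  - cert-manager.io
  resources:
  - signers
  # No resourceNames are set, so the rule covers every signer name.
  verbs:
  - approve
  - deny
---
# Bind the role to the cert-manager ServiceAccount in the cert-manager namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cert-manager-controller-approve-adcs
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager-controller-approve-adcs
subjects:
- kind: ServiceAccount
  name: cert-manager
  namespace: cert-manager
```
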
djkormo commented 11 months ago

Corrected with version 2.0.8
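
A narrower variant of the ClusterRole from this thread, as an added example that is not part of the issue or the project's own manifests: it limits the `approve`/`deny` grant to named signers through `resourceNames`. The role name and the signer strings are placeholders; cert-manager signer names take the form `<resource plural>.<group>/*` (or `/<namespace>.<name>` for one namespaced issuer), so replace them with the ADCS issuer resource and API group installed in your cluster.

```yaml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  # Hypothetical name, chosen for this example only.
  name: cert-manager-controller-approve-adcs-scoped
rules:
- apiGroups:
  - cert-manager.io
  resources:
  - signers
  verbs:
  - approve
  - deny
  resourceNames:
  # Placeholders: substitute the plural resource name and API group of the
  # namespaced and cluster-scoped ADCS issuer CRDs (see `kubectl api-resources`).
  - "<adcs-issuer-plural>.<adcs-issuer-group>/*"
  - "<adcs-cluster-issuer-plural>.<adcs-issuer-group>/*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: cert-manager-controller-approve-adcs-scoped
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cert-manager-controller-approve-adcs-scoped
subjects:
# Same subject as in the thread: the cert-manager controller's ServiceAccount.
- kind: ServiceAccount
  name: cert-manager
  namespace: cert-manager
```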