From 2882a4fb13fea94e68eebd764c29f2e299466f56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Charles-Edouard=20Br=C3=A9t=C3=A9ch=C3=A9?= Date: Tue, 23 Aug 2022 14:07:44 +0200 Subject: [PATCH] fix: missing aggregated role for UR (#4378) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Charles-Edouard Brétéché Signed-off-by: Charles-Edouard Brétéché --- charts/kyverno/templates/aggregateroles.yaml | 22 ++++++++++++++++- config/install.yaml | 26 ++++++++++++++++++++ config/install_debug.yaml | 25 +++++++++++++++++++ config/k8s-resource/aggregateroles.yaml | 21 ++++++++++++++++ 4 files changed, 93 insertions(+), 1 deletion(-) diff --git a/charts/kyverno/templates/aggregateroles.yaml b/charts/kyverno/templates/aggregateroles.yaml index 789aff4714..5b89e2c162 100644 --- a/charts/kyverno/templates/aggregateroles.yaml +++ b/charts/kyverno/templates/aggregateroles.yaml @@ -85,5 +85,25 @@ rules: - patch - update - watch - +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: {{ include "kyverno.labels" . | nindent 4 }} + rbac.authorization.k8s.io/aggregate-to-admin: "true" + app: kyverno + name: {{ template "kyverno.fullname" . }}:admin-updaterequest +rules: +- apiGroups: + - kyverno.io + resources: + - updaterequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch {{- end }} diff --git a/config/install.yaml b/config/install.yaml index 72b2951bb8..e3e95ee6a1 100644 --- a/config/install.yaml +++ b/config/install.yaml @@ -12379,6 +12379,32 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + labels: + app: kyverno + app.kubernetes.io/component: kyverno + app.kubernetes.io/instance: kyverno + app.kubernetes.io/name: kyverno + app.kubernetes.io/part-of: kyverno + app.kubernetes.io/version: latest + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: kyverno:admin-updaterequest +rules: +- apiGroups: + - kyverno.io + resources: + - updaterequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: labels: app: kyverno diff --git a/config/install_debug.yaml b/config/install_debug.yaml index c436701c49..82dc1a83e3 100755 --- a/config/install_debug.yaml +++ b/config/install_debug.yaml @@ -12363,6 +12363,31 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole +metadata: + labels: + app: kyverno + app.kubernetes.io/component: kyverno + app.kubernetes.io/instance: kyverno + app.kubernetes.io/name: kyverno + app.kubernetes.io/part-of: kyverno + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: kyverno:admin-updaterequest +rules: +- apiGroups: + - kyverno.io + resources: + - updaterequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: labels: app: kyverno diff --git a/config/k8s-resource/aggregateroles.yaml b/config/k8s-resource/aggregateroles.yaml index fad740f6dd..ecda03af3a 100644 --- a/config/k8s-resource/aggregateroles.yaml +++ b/config/k8s-resource/aggregateroles.yaml @@ -85,3 +85,24 @@ rules: - patch - update - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: kyverno + rbac.authorization.k8s.io/aggregate-to-admin: "true" + name: kyverno:admin-updaterequest +rules: +- apiGroups: + - kyverno.io + resources: + - updaterequests + verbs: + - create + - delete + - get + - list + - patch + - update + - watch