From 5f9093a6aa5b6d2f8fa7b962a91b6764e12a2905 Mon Sep 17 00:00:00 2001
From: Shuting Zhao <shutting06@gmail.com>
Date: Wed, 1 Apr 2020 10:52:17 -0700
Subject: [PATCH] update clusterrole kyverno:webhook to approve csr for 1.18
 cluster

---
 definitions/install.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/definitions/install.yaml b/definitions/install.yaml
index 8549cfa38f..59fb58085b 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -564,6 +564,28 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - certificatesigningrequests
+  - certificatesigningrequests/approval
+  - certificatesigningrequests/status
+  resourceNames:
+    - kubernetes.io/legacy-unknown
+  verbs:
+  - create
+  - delete
+  - get 
+  - update
+  - watch
+- apiGroups:
+  - certificates.k8s.io
+  resources:
+  - signers
+  resourceNames:
+  - kubernetes.io/legacy-unknown
+  verbs:
+  - approve 
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole