update rabc in Helm charts

charts/kyverno/templates/clusterrole.yaml

@@ -1,5 +1,5 @@
 {{- if .Values.rbac.create }}
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: {{ template "kyverno.fullname" . }}:policyviolations
@@ -68,8 +68,10 @@ rules:
   - rolebindings
   - clusterrolebindings
   - configmaps
+  - namespaces
   verbs:
   - watch
+  - list
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -84,13 +86,21 @@ rules:
   - policies/status
   - clusterpolicies
   - clusterpolicies/status
+  - policyreports
+  - policyreports/status
+  - clusterpolicyreports
+  - clusterpolicyreports/status
   - generaterequests
   - generaterequests/status
+  - reportchangerequests
+  - reportchangerequests/status
+  - clusterreportchangerequests
+  - clusterreportchangerequests/status
   verbs:
   - create
   - delete
-  - get 
-  - list 
+  - get
+  - list
   - patch
   - update
   - watch
@@ -153,3 +163,48 @@ rules:
   verbs:
   - watch
 {{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+  name: {{ template "kyverno.fullname" . }}:admin-policies
+rules:
+- apiGroups:
+  - kyverno.io
+  resources:
+  - policies
+  - clusterpolicies
+  verbs:
+  - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+  name: {{ template "kyverno.fullname" . }}:admin-policyreport
+rules:
+  - apiGroups:
+      - wgpolicyk8s.io/v1alpha1
+    resources:
+      - policyreport
+      - clusterpolicyreport
+    verbs:
+      - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+  name: {{ template "kyverno.fullname" . }}:admin-reportchangerequest
+rules:
+- apiGroups:
+  - kyverno.io
+  resources:
+  - reportchangerequests
+  - clusterreportchangerequests
+  verbs:
+  - "*"

charts/kyverno/templates/clusterrolebinding.yaml

@@ -1,4 +1,17 @@
 {{- if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kyverno.fullname" . }}:policyviolations
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "kyverno.fullname" . }}:policyviolations
+subjects:
+- kind: ServiceAccount
+  name: {{ template "kyverno.serviceAccountName" . }}
+  namespace: {{ template "kyverno.namespace" . }}
+---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:

definitions/k8s-resource/clusterroles.yaml

@@ -24,7 +24,7 @@ metadata:
   name: kyverno-service-account
   namespace: kyverno
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: kyverno:policyviolations