mirror of https://git.rancher.io/charts
17 lines
505 B
YAML
17 lines
505 B
YAML
|
# the RBAC role that the webhook needs to:
|
||
|
|
# * read GMSA custom resources
|
||
|
|
# * check authorizations to use GMSA cred specs
|
||
|
|
kind: ClusterRole
|
||
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
||
|
|
metadata:
|
||
|
|
name: {{ .Release.Name }}
|
||
|
|
labels: {{ include "gmsa.chartref" . | nindent 4 }}
|
||
|
|
rules:
|
||
|
|
- apiGroups: ["windows.k8s.io"]
|
||
|
|
resources: ["gmsacredentialspecs"]
|
||
|
|
verbs: ["get", "use"]
|
||
|
|
- apiGroups: ["authorization.k8s.io"]
|
||
|
|
resources: ["localsubjectaccessreviews"]
|
||
|
|
verbs: ["create"]
|
||
|
|
|