Dustin C. Hatch
717f9244e7
The [kubelet-csr-approver][0] is a controller that automatically approves CSRs for Kublets that match certain criteria. I've had it deployed in the cluster for a while, but apparently never committed the resources. These manifest files are taken from the [k8s deployment example][1] in the upstream repository. [0]: https://github.com/postfinance/kubelet-csr-approver [1]: https://github.com/postfinance/kubelet-csr-approver/tree/v1.2.10/deploy/k8s
43 lines
634 B
YAML
43 lines
634 B
YAML
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kubelet-csr-approver
|
|
rules:
|
|
- apiGroups:
|
|
- certificates.k8s.io
|
|
resources:
|
|
- certificatesigningrequests
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- create
|
|
- get
|
|
- update
|
|
- apiGroups:
|
|
- certificates.k8s.io
|
|
resources:
|
|
- certificatesigningrequests/approval
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- certificates.k8s.io
|
|
resourceNames:
|
|
- kubernetes.io/kubelet-serving
|
|
resources:
|
|
- signers
|
|
verbs:
|
|
- approve
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|