--- /dev/null
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: webhookcfg-controller
+ namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: caas:webhookcfg-controller
+ namespace: kube-system
+rules:
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ verbs: ["get", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: caas:webhookcfg-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: caas:webhookcfg-controller
+subjects:
+- kind: ServiceAccount
+ name: webhookcfg-controller
+ namespace: kube-system
\ No newline at end of file
%define COMPONENT security
%define RPM_NAME caas-%{COMPONENT}
%define RPM_MAJOR_VERSION 1.0.0
-%define RPM_MINOR_VERSION 1
+%define RPM_MINOR_VERSION 2
Name: %{RPM_NAME}
Version: %{RPM_MAJOR_VERSION}