Code Review / ta / caas-security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | review | tree
history | raw | HEAD
Add RBAC config for CPU webhookcfg-controller
[ta/caas-security.git] / rbac_manifests / webhook-conf-controller-config.yaml
1 apiVersion: v1
2 kind: ServiceAccount
3 metadata:
4   name: webhookcfg-controller
5   namespace: kube-system
6 ---
7 apiVersion: rbac.authorization.k8s.io/v1
8 kind: ClusterRole
9 metadata:
10   name: caas:webhookcfg-controller
11   namespace: kube-system
12 rules:
13 - apiGroups:
14   - admissionregistration.k8s.io
15   resources:
16   - mutatingwebhookconfigurations
17   verbs: ["get", "update"]
18 ---
19 apiVersion: rbac.authorization.k8s.io/v1
20 kind: ClusterRoleBinding
21 metadata:
22   name: caas:webhookcfg-controller
23 roleRef:
24   apiGroup: rbac.authorization.k8s.io
25   kind: ClusterRole
26   name: caas:webhookcfg-controller
27 subjects:
28 - kind: ServiceAccount
29   name: webhookcfg-controller
30   namespace: kube-system
contains all the code related to managing users, certificates for TLS, authentication, authorization, and hardening of the CaaS sub-system.