Add RBAC config for CPU webhookcfg-controller
diff --git a/rbac_manifests/webhook-conf-controller-config.yaml b/rbac_manifests/webhook-conf-controller-config.yaml
new file mode 100644 (file)
index 0000000..307df88
--- /dev/null
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: webhookcfg-controller
+  namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: caas:webhookcfg-controller
+  namespace: kube-system
+rules:
+- apiGroups:
+  - admissionregistration.k8s.io
+  resources:
+  - mutatingwebhookconfigurations
+  verbs: ["get", "update"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: caas:webhookcfg-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: caas:webhookcfg-controller
+subjects:
+- kind: ServiceAccount
+  name: webhookcfg-controller
+  namespace: kube-system
\ No newline at end of file
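Review bot: The ClusterRole rule for `mutatingwebhookconfigurations` has no `resourceNames`, so the `webhookcfg-controller` service account may `update` every mutating webhook configuration in the cluster, and anyone holding that account's token could change how admission requests for any workload are mutated. Because the rule only grants `get` and `update`, it can be pinned to the single object the controller manages by adding `resourceNames: ["<managed-webhook-configuration-name>"]` under the rule (placeholder; the real object name is not shown in this commit). Separately, `namespace: kube-system` in the ClusterRole's metadata has no effect because ClusterRole is cluster-scoped; dropping it, as the ClusterRoleBinding already does, avoids suggesting the role is confined to one namespace.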