
Simplify configuration by creating RBAC by default #216

@inteon


Currently, it is quite complex to configure approver-policy due to all the necessary additional RBAC.

The following RBAC could be added to the Helm chart to simplify usage (easy-mode):

  1. allow approver-policy to approve all issuer types:

```yaml
- apiGroups: ["cert-manager.io"]
  resources: ["signers"]
  verbs: ["approve"]
...
- kind: ServiceAccount
  name: {{ include "cert-manager-approver-policy.name" . }}
  namespace: {{ .Release.Namespace }}
```

  2. make all policies applicable to the cert-manager SA by default (use selector for filtering instead):

```yaml
- apiGroups: ["policy.cert-manager.io"]
  resources: ["certificaterequestpolicies"]
  verbs: ["use"]
...
- kind: ServiceAccount
  name: cert-manager
  namespace: {{ .Release.Namespace }}
```

cc @wallrj @JoshVanL
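
The two grants proposed above, written out as complete manifests so the scope of each rule is visible. This is an added example, not the chart's own templates: every `metadata.name`, the `cert-manager` namespace and the `cert-manager-approver-policy` ServiceAccount name are assumptions, and the commented `resourceNames` lines show the narrower form for comparison.

```yaml
# Added example (not from the approver-policy chart); names are hypothetical.
# 1. approver-policy may approve CertificateRequests for every signer.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-approver-policy-approve-all
rules:
- apiGroups: ["cert-manager.io"]
  resources: ["signers"]
  verbs: ["approve"]
  # No resourceNames: matches all signers, including external issuer types.
  # Narrower form, limited to the built-in issuer kinds:
  # resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-approver-policy-approve-all
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-approver-policy-approve-all
subjects:
- kind: ServiceAccount
  name: cert-manager-approver-policy   # assumed ServiceAccount name
  namespace: cert-manager              # assumed release namespace
---
# 2. The cert-manager ServiceAccount may "use" every CertificateRequestPolicy,
#    so which policy applies is decided by each policy's selector alone.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: example-cert-manager-use-all-policies
rules:
- apiGroups: ["policy.cert-manager.io"]
  resources: ["certificaterequestpolicies"]
  verbs: ["use"]
  # Narrower form: resourceNames: ["example-policy"]   # hypothetical policy name
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-cert-manager-use-all-policies
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: example-cert-manager-use-all-policies
subjects:
- kind: ServiceAccount
  name: cert-manager
  namespace: cert-manager              # assumed release namespace
```

With the second binding in place, RBAC no longer separates policies for requests created by the cert-manager ServiceAccount, so each policy's selector is the only control on where it applies.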


Labels: help wanted
