Merge pull request #79 from datum-cloud/fix/metrics-auth-rbac

scotwells · web-flow · commit 0a6eb1b0d182 · 2026-03-19T15:08:49.000-05:00
fix: add metrics auth RBAC to rbac_deployment component
diff --git a/config/rbac_deployment/kustomization.yaml b/config/rbac_deployment/kustomization.yaml
@@ -3,3 +3,5 @@ kind: Component
 resources:
   - leader_election_role.yaml
   - leader_election_role_binding.yaml
+  - metrics_auth_role.yaml
+  - metrics_auth_role_binding.yaml
diff --git a/config/rbac_deployment/metrics_auth_role.yaml b/config/rbac_deployment/metrics_auth_role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: metrics-auth-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
diff --git a/config/rbac_deployment/metrics_auth_role_binding.yaml b/config/rbac_deployment/metrics_auth_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-auth-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: controller-manager
+  namespace: system
