Add tokenreviews permissions

taraspos · taraspos · commit ce5d794fecbd · 2024-10-30T12:54:02.000Z
diff --git a/charts/eks-pod-identity-agent/templates/serviceaccount.yaml b/charts/eks-pod-identity-agent/templates/serviceaccount.yaml
@@ -20,6 +20,11 @@ rules:
   resources: ["serviceaccounts"]
   verbs: {{ .Values.irsa.cluster_role.permissions.serviceaccounts.verbs }}
 {{- end }}
+{{- if .Values.irsa.cluster_role.permissions.tokenreviews.verbs }}
+- apiGroups: ["authentication.k8s.io"]
+  resources: ["tokenreviews"]
+  verbs: {{ .Values.irsa.cluster_role.permissions.tokenreviews.verbs }}
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
diff --git a/charts/eks-pod-identity-agent/values.yaml b/charts/eks-pod-identity-agent/values.yaml
@@ -107,3 +107,5 @@ irsa:
     permissions:
       serviceaccounts:
         verbs: ["get"]
+      tokenreviews:
+        verbs: ["create"]
