cert-manager: add roles and rolebindings added in v1.5.4

maelvls · maelvls · commit 5bafa95ee4c6 · 2021-10-05T17:22:53.000+02:00
Commands:

```
git fetch --tags                                                                                  git diff v1.5.3 v1.5.4 -- deploy/charts/cert-manager/templates
git diff v1.5.3 v1.5.4 -- deploy/charts/cert-manager/templates
cd deploy/charts/cert-manager/templates
cp startupapicheck-psp-clusterrolebinding.yaml startupapicheck-psp-clusterrole.yaml \
  ~/code/jetstack/jetstack-secure-gcm/chart/jetstack-secure-gcm/charts/cert-manager/templates
```

Signed-off-by: Maël Valais &lt;mael@vls.dev&gt;
diff --git a/chart/jetstack-secure-gcm/charts/cert-manager/templates/startupapicheck-psp-clusterrole.yaml b/chart/jetstack-secure-gcm/charts/cert-manager/templates/startupapicheck-psp-clusterrole.yaml
@@ -0,0 +1,24 @@
+{{- if .Values.startupapicheck.enabled -}}
+{{- if .Values.global.podSecurityPolicy.enabled }}
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ template "startupapicheck.fullname" . }}-psp
+  labels:
+    app: {{ include "startupapicheck.name" . }}
+    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: "startupapicheck"
+    {{- include "labels" . | nindent 4 }}
+  {{- if .Values.startupapicheck.rbac.annotations }}
+  annotations:
+    {{ toYaml .Values.startupapicheck.rbac.annotations | nindent 4 }}
+  {{- end }}
+rules:
+- apiGroups: ['policy']
+  resources: ['podsecuritypolicies']
+  verbs:     ['use']
+  resourceNames:
+  - {{ template "startupapicheck.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/chart/jetstack-secure-gcm/charts/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml b/chart/jetstack-secure-gcm/charts/cert-manager/templates/startupapicheck-psp-clusterrolebinding.yaml
@@ -0,0 +1,26 @@
+{{- if .Values.startupapicheck.enabled -}}
+{{- if .Values.global.podSecurityPolicy.enabled }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "startupapicheck.fullname" . }}-psp
+  labels:
+    app: {{ include "startupapicheck.name" . }}
+    app.kubernetes.io/name: {{ include "startupapicheck.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/component: "startupapicheck"
+    {{- include "labels" . | nindent 4 }}
+  {{- if .Values.startupapicheck.rbac.annotations }}
+  annotations:
+    {{ toYaml .Values.startupapicheck.rbac.annotations | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "startupapicheck.fullname" . }}-psp
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "startupapicheck.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
