28 lines
981 B
YAML
28 lines
981 B
YAML
kind: Role
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
metadata:
|
|
name: tekton-pipelines-webhook
|
|
namespace: tekton-pipelines
|
|
labels:
|
|
app.kubernetes.io/component: webhook
|
|
app.kubernetes.io/instance: default
|
|
app.kubernetes.io/part-of: tekton-pipelines
|
|
rules:
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["list", "watch"]
|
|
# The webhook needs access to these configmaps for logging information.
|
|
- apiGroups: [""]
|
|
resources: ["configmaps"]
|
|
verbs: ["get"]
|
|
resourceNames: ["config-logging", "config-observability", "config-leader-election-webhook", "feature-flags"]
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["list", "watch"]
|
|
# The webhook daemon makes a reconciliation loop on webhook-certs. Whenever
|
|
# the secret changes it updates the webhook configurations with the certificates
|
|
# stored in the secret.
|
|
- apiGroups: [""]
|
|
resources: ["secrets"]
|
|
verbs: ["get", "update"]
|
|
resourceNames: ["webhook-certs"] |